Windows Detected TrojanDownloader:Win32/Adload.DA virus
Hey guys, first time on the forums. The other day Windows informed me that it has detected TrojanDownloader:Win32/Adload.DA on my computer and that it has stopped my computer from working properly 4 times already (the last about one week ago). I've already run a handful of programs in an attempt to find a solution online (I know, not the best idea to do without supervision), including TDSSKiller, Malwarebytes, Hitman Pro, the ESET Online Scanner, CCleaner (to sweep up whatever was lying around), and STOPzilla. Everything before STOPzilla essentially only found tracking cookies and deleted them, but that program turned up 36 instances of Rogue.Win32.AntiVirus8. While this program was open, I attempted to run RKill, when STOPzilla popped up claiming it deleted and blocked the following infections:
Trojan.Win32.Ertfor
Trojan.Win32.Agent.gen
TrojanDropper.Win32.Pihar
Rogue.Win32.SystemProtector
I'm concerned that it may be a rootkit issue seeing as I recently had to deal with a fraudulent credit card charge. If anyone could take a look, I'd really appreciate it. I've pasted the DDS report and attached the longer one in .zip format, as requested in the FAQ.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Chris at 19:44:08 on 2012-06-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4078.1089 [GMT -4:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: STOPzilla Anti-Spyware *Enabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe
C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Chris\AppData\Local\Akamai\netsession_win.exe
C:\Users\Chris\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Impulse\Now\ImpulseNow.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\bin\msmdsrv.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
C:\Program Files\WebDrive\wdService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.0.0.136\InstStub.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdhost.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
C:\Program Files (x86)\STOPzilla!\STOPzilla.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\STOPzilla!\SZOptionsFlash.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
c:\Program Files\Zune\ZuneNss.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Windows\System32\vds.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\Magic-i Visual Effects.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Sony\VAIO Care\Admload.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
uInternet Settings,ProxyOverride = 127.0.0.1:9421;192.168.*.*;<local>
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Google Update] "C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Akamai NetSession Interface] "C:\Users\Chris\AppData\Local\Akamai\netsession_win.exe"
uRun: [Facebook Update] "C:\Users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\Chris\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\Chris\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\IMPULS~1.LNK - C:\Program Files (x86)\Impulse\Now\ImpulseNow.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VAIOME~1.LNK - C:\Program Files (x86)\DDNi\Oasis\Delay.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 167.206.254.2 167.206.254.1
TCP: Interfaces\{2F73DCE4-4155-4351-A0B8-5D5F66293778} : DhcpNameServer = 167.206.254.2 167.206.254.1
TCP: Interfaces\{2F73DCE4-4155-4351-A0B8-5D5F66293778}\358656271647F6E6 : DhcpNameServer = 208.67.222.222 68.87.73.246 8.8.8.8
TCP: Interfaces\{2F73DCE4-4155-4351-A0B8-5D5F66293778}\4456374796E697 : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{2F73DCE4-4155-4351-A0B8-5D5F66293778}\44F63647F627 : DhcpNameServer = 167.206.254.2 167.206.254.1
TCP: Interfaces\{2F73DCE4-4155-4351-A0B8-5D5F66293778}\458656022427F677E672370294E6475627E65647 : DhcpNameServer = 192.168.1.1 68.237.161.12
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: VESWinlogon - VESWinlogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun-x64: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun-x64: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
mRun-x64: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun-x64: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun-x64: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun-x64: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\zmotnfbc.default\
FF - plugin: C:\Program Files (x86)\Download Manager\npfpdlm.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\Chris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Chris\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll
FF - plugin: C:\Users\Chris\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Chris\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2007-4-18 11032]
R2 rimspci;rimspci;C:\Windows\system32\drivers\rimssne64.sys --> C:\Windows\system32\drivers\rimssne64.sys [?]
R2 risdsnpe;risdsnpe;C:\Windows\system32\drivers\risdsne64.sys --> C:\Windows\system32\drivers\risdsne64.sys [?]
R2 WebDriveFSD;WebDrive Filesystem Driver;C:\Program Files\WebDrive\wdfsd.sys [2010-1-5 180312]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2011-8-20 245760]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys --> C:\Windows\system32\drivers\SFEP.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-25 257696]
S3 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2010-12-25 401920]
S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TVICHW64;TVICHW64;\??\C:\Windows\system32\DRIVERS\TVICHW64.SYS --> C:\Windows\system32\DRIVERS\TVICHW64.SYS [?]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
.
=============== Created Last 30 ================
.
2012-06-05 18:26:04 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C712F1FC-B72A-4B83-877F-4035950C3D4B}\offreg.dll
2012-06-05 12:38:40 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C712F1FC-B72A-4B83-877F-4035950C3D4B}\mpengine.dll
2012-06-05 12:38:38 -------- d-----w- C:\88f4310044fd9fd444
2012-06-05 02:26:29 57976 ----a-r- C:\Windows\System32\drivers\SBREDrv.sys
2012-06-05 02:26:18 -------- d-----w- C:\Program Files (x86)\STOPzilla!
2012-06-05 02:26:13 -------- d-----w- C:\Program Files (x86)\Common Files\iS3
2012-06-05 02:26:11 -------- d-----w- C:\ProgramData\STOPzilla!
2012-06-05 02:05:18 -------- d-----w- C:\Program Files\CCleaner
2012-06-04 21:32:07 -------- d-----w- C:\ProgramData\HitmanPro
2012-06-01 04:23:23 -------- d-----w- C:\Users\Chris\AppData\Local\{5937B427-6017-4050-89C0-9FEB7FECBB74}
2012-06-01 04:23:12 -------- d-----w- C:\Users\Chris\AppData\Local\{D37FEF48-A920-4142-A400-C35982EBB2B1}
2012-05-24 06:15:53 -------- d-----w- C:\Windows\en
2012-05-24 06:07:30 19736 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-24 06:01:02 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\988177e91cd397201\DSETUP.dll
2012-05-24 06:01:02 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\988177e91cd397201\DXSETUP.exe
2012-05-24 06:01:02 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\988177e91cd397201\dsetup32.dll
2012-05-24 05:58:59 -------- d-----w- C:\Users\Chris\AppData\Local\{C2A640C8-BA62-401F-B06E-1A0DA26C45F5}
2012-05-24 05:58:57 -------- d-----w- C:\Users\Chris\AppData\Local\{E1AC2853-43A2-40BA-A164-C8D774145AE4}
2012-05-24 05:47:45 -------- d-----w- C:\Users\Chris\AppData\Local\{C0B74651-8023-42DA-B152-A56177D5589D}
2012-05-22 04:04:07 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-05-22 04:04:03 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-05-10 04:14:17 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-10 04:14:16 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-10 04:14:07 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-10 04:14:04 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-10 04:14:02 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-10 04:14:02 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-10 04:13:21 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-10 04:13:00 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-10 04:12:55 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-10 04:12:54 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 04:12:53 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 04:12:52 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-10 04:12:51 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
.
==================== Find3M ====================
.
2012-05-05 04:57:12 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 04:57:12 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-05 04:57:04 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-25 15:35:32 23376 ----a-r- C:\Windows\SysWow64\SZIO5.dll
2012-04-25 15:35:22 546640 ----a-r- C:\Windows\SysWow64\SZComp5.dll
2012-04-25 15:35:16 481104 ----a-r- C:\Windows\SysWow64\SZBase5.dll
2012-04-19 21:39:44 29008 ----a-r- C:\Windows\SysWow64\IS3XDat5.dll
2012-04-19 21:39:44 231248 ----a-r- C:\Windows\SysWow64\IS3Win325.dll
2012-04-19 21:39:42 390992 ----a-r- C:\Windows\SysWow64\IS3UI5.dll
2012-04-19 21:39:42 100176 ----a-r- C:\Windows\SysWow64\IS3Svc5.dll
2012-04-19 21:39:36 104272 ----a-r- C:\Windows\SysWow64\IS3Inet5.dll
2012-04-19 21:39:34 67408 ----a-r- C:\Windows\SysWow64\IS3Hks5.dll
2012-04-19 21:39:34 132944 ----a-r- C:\Windows\SysWow64\IS3HTUI5.dll
2012-04-19 21:39:32 456528 ----a-r- C:\Windows\SysWow64\IS3DBA5.dll
2012-04-19 21:39:30 808784 ----a-r- C:\Windows\SysWow64\IS3Base5.dll
2012-04-19 00:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-08 22:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-03-08 22:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
.
============= FINISH: 19:46:42.55 ===============
Thanks in advance for your time and help,
KingCD
:snwelcome:
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.
Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.
Running programs with Vista or Windows 7, you need to Right Click on the program and select RUN AS ADMINISTRATOR
What I would do before we start is to use a known clean computer and change all your passwords for sites you frequent, especially banking sites and sites that you shop at and use a credit card.
You also have two Anti Virus programs running, more than one is overkill, they both will bang heads and hamper system performance, it's best just to have one, keep it updated and run regular scans. Your call but you need to uninstall one, either McAfee or Norton.
Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png
On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png
OTL by OldTimer
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
Working on getting access to a clean computer so I can change those passwords. As for the double antivirus issue, Norton shouldn't have been running, it was just the startup window of a 30 day trial that I never started. Either way, it's uninstalled now.
As a side note (whether this should/can be addressed now or later), I've plugged a few devices (SD card, smartphone, headphones (although I seriously doubt anything would be able to travel through the USB cable to mess with a headset)) into my computer since the date Windows claims it knew about this. Is there any action I should take to ensure they are clean as well?
During this first scan, my computer put itself to sleep for a minute or two before I noticed. I woke it immediately after and saw that it was still scanning. If you would like me to run another, just let me know. Here is the log for aswMBR:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-12 19:05:15
-----------------------------
19:05:15.444 OS Version: Windows x64 6.1.7601 Service Pack 1
19:05:15.445 Number of processors: 8 586 0x1E05
19:05:15.446 ComputerName: CHRIS-VAIO UserName: Chris
19:05:19.623 Initialize success
19:06:15.478 AVAST engine defs: 12061201
19:06:39.077 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:06:39.083 Disk 0 Vendor: Hitachi_ PC4O Size: 476940MB BusType: 3
19:06:39.089 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000007d
19:06:39.095 Disk 1 Vendor: RICOH 02 Size: 476940MB BusType: 0
19:06:39.102 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000007e
19:06:39.109 Disk 2 Vendor: RICOH 02 Size: 476940MB BusType: 0
19:06:39.142 Disk 0 MBR read successfully
19:06:39.150 Disk 0 MBR scan
19:06:39.168 Disk 0 Windows VISTA default MBR code
19:06:39.177 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 8913 MB offset 2048
19:06:39.206 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 18255872
19:06:39.237 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 467925 MB offset 18460672
19:06:39.292 Disk 0 scanning C:\Windows\system32\drivers
19:07:14.770 Service scanning
19:08:55.315 Modules scanning
19:08:55.331 Disk 0 trace - called modules:
19:08:55.357 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
19:08:55.369 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004ee8790]
19:08:55.382 3 CLASSPNP.SYS[fffff8800162c43f] -> nt!IofCallDriver -> [0xfffffa80048a8be0]
19:08:55.393 5 ACPI.sys[fffff88000f3a7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800489c050]
19:08:58.005 AVAST engine scan C:\Windows
19:09:04.316 AVAST engine scan C:\Windows\system32
19:23:55.918 AVAST engine scan C:\Windows\system32\drivers
19:24:42.282 AVAST engine scan C:\Users\Chris
20:13:00.480 AVAST engine scan C:\ProgramData
20:29:20.674 Scan finished successfully
20:35:55.002 Disk 0 MBR has been saved successfully to "C:\Users\Chris\Desktop\MBR.dat"
20:35:55.018 The log file has been saved successfully to "C:\Users\Chris\Desktop\aswMBR.txt"
Followed by OTL:
OTL logfile created on: 6/12/2012 8:39:44 PM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Chris\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.98 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 57.09% Memory free
7.96 Gb Paging File | 4.67 Gb Available in Paging File | 58.70% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456.96 Gb Total Space | 51.13 Gb Free Space | 11.19% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Computer Name: CHRIS-VAIO | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Chris\Downloads\OTL (1).exe (OldTimer Tools)
PRC - C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Users\Chris\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.)
PRC - C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\IS3Updater.exe (iS3 Inc.)
PRC - C:\Program Files (x86)\STOPzilla!\STOPzilla.exe (iS3, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe ()
PRC - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()
PRC - C:\Program Files (x86)\Impulse\Now\ImpulseNow.exe (GameStop Corp.)
PRC - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Care\listener.exe (Sony of America Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe ()
PRC - C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe ()
PRC - C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe ()
PRC - C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe ()
PRC - C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3aa966e818d35f094e23bbbdcf1b4297\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\79b487ba3d893f59ce7e697d06721dd0\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\1dce8ad4aa93ed395af726c0e510846e\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\ProgramData\STOPzilla!\VIPRE\libMachoUniv.dll ()
MOD - C:\ProgramData\STOPzilla!\VIPRE\libBase64.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\SonyCommonLib.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.NativeWifiThirdPartyApp.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.TosBtThirdPartyApp.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\DebugMsg.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Power.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\DevicePanel.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.BtPower.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Generic.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\DictionaryLookup.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.WlanPower.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.ThirdPartyApp.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.Generic.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\SharedInterfaces.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\MessageXML.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\Resources.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\SystemPowerDLL.dll ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()
MOD - C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll ()
========== Win32 Services (SafeList) ==========
SRV:64bit: - (VUAgent) -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
SRV:64bit: - (ZuneWlanCfgSvc) -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV:64bit: - (WMZuneComm) -- c:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV:64bit: - (ZuneNetworkSvc) -- c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV:64bit: - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV:64bit: - (VCService) -- C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation)
SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation)
SRV:64bit: - (SpfService) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe (Sony Corporation)
SRV:64bit: - (VcmINSMgr) -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
SRV:64bit: - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (WebDriveService) -- C:\Program Files\WebDrive\wdService.exe (South River Technologies, LLC)
SRV:64bit: - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (szserver) -- C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (MotoHelper) -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (McShield) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (McAfeeEngineService) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe (McAfee, Inc.)
SRV - (Oasis2Service) -- C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe ()
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (PMBDeviceInfoProvider) -- c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (Amazon Download Agent) -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe (Amazon.com)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (McAfeeFramework) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (Roxio Upnp Server 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
========== Driver Services (SafeList) ==========
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SBRE) -- C:\Windows\SysNative\drivers\SBREDrv.sys (GFI Software)
DRV:64bit: - (motccgp) -- C:\Windows\SysNative\drivers\motccgp.sys (Motorola)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mfetdik) -- C:\Windows\SysNative\drivers\mfetdik.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (TVICHW64) -- C:\Windows\SysNative\drivers\TVicHW64.sys (EnTech Taiwan)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (WebDriveFSD) -- C:\Program Files\WebDrive\wdfsd.sys ()
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimssne64.sys (REDC)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (risdsnpe) -- C:\Windows\SysNative\drivers\risdsne64.sys (REDC)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (motccgpfl) -- C:\Windows\SysNative\drivers\motccgpfl.sys (Motorola)
DRV:64bit: - (MotoSwitchService) -- C:\Windows\SysNative\drivers\motswch.sys (Motorola)
DRV:64bit: - (regi) -- C:\Windows\SysNative\drivers\regi.sys (InterVideo)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (regi) -- C:\Windows\SysWOW64\drivers\regi.sys (InterVideo)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1530761295-3618611931-1772812319-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
IE - HKU\S-1-5-21-1530761295-3618611931-1772812319-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
IE - HKU\S-1-5-21-1530761295-3618611931-1772812319-1004\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1530761295-3618611931-1772812319-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1530761295-3618611931-1772812319-1004\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT_enUS365
IE - HKU\S-1-5-21-1530761295-3618611931-1772812319-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1530761295-3618611931-1772812319-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1530761295-3618611931-1772812319-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;192.168.*.*;<local>
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Chris\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Chris\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Chris\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Chris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Chris\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/28 14:13:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/28 14:13:17 | 000,000,000 | ---D | M]
[2010/01/27 19:25:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2010/01/27 19:25:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\zmotnfbc.default\extensions
[2012/03/05 21:42:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/05 11:48:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2012/03/05 21:42:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2010/08/25 21:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2012/03/05 21:41:38 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Chris\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Chris\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: IGN Download Manager Plug-in (Enabled) = C:\Program Files (x86)\Download Manager\npfpdlm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Chris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Chris\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Game Face Plugin (Enabled) = C:\Users\Chris\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Entanglement = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: YouTube Options for Google Chrome\u2122 = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdokagampppgbnjfdlkfpphniapiiifn\1.8.74_0\
CHR - Extension: Auto-Reload = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcelohhcooepfkolgbieponejnhpemja\1.0_0\
CHR - Extension: Auto-Reload = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcelohhcooepfkolgbieponejnhpemja\1.0_0\.svn\prop-base\.svn-base
CHR - Extension: Auto-Reload = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcelohhcooepfkolgbieponejnhpemja\1.0_0\.svn\text-base\.svn-base
CHR - Extension: Isoball 3 = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\iajlkcpgcnbhfhpdeooockfaincfkjjj\1.2.1_0\
CHR - Extension: wikiHow Survival Kit = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ickaeddjnhfofihhibhnjemlphjmnchl\1.0.4_0\
CHR - Extension: Auto Replay for YouTube = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb\1.9.13_0\
CHR - Extension: Little Alchemy = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd\0.0.11_0\
CHR - Extension: Poppit = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
O1 HOSTS File: ([2012/06/04 22:29:58 | 000,442,330 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 15198 more lines...
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-1530761295-3618611931-1772812319-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SmartWiHelper] C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1530761295-3618611931-1772812319-1004..\Run: [Akamai NetSession Interface] C:\Users\Chris\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-1530761295-3618611931-1772812319-1004..\Run: [Facebook Update] C:\Users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1530761295-3618611931-1772812319-1004..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Impulse Now.lnk = C:\Program Files (x86)\Impulse\Now\ImpulseNow.exe (GameStop Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-1530761295-3618611931-1772812319-1004\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1530761295-3618611931-1772812319-1004\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O1364bit: - gopher Prefix: missing
O15 - HKU\S-1-5-21-1530761295-3618611931-1772812319-1004\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1530761295-3618611931-1772812319-1004\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1530761295-3618611931-1772812319-1004\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1530761295-3618611931-1772812319-1004\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.1 167.206.254.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F73DCE4-4155-4351-A0B8-5D5F66293778}: DhcpNameServer = 167.206.254.1 167.206.254.2
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{176b04b6-42f6-11e0-9876-e89dd7377ad0}\Shell - "" = AutoRun
O33 - MountPoints2\{176b04b6-42f6-11e0-9876-e89dd7377ad0}\Shell\AutoRun\command - "" = D:\setup.exe -a
O33 - MountPoints2\{fa83d07e-9d7c-11df-95fc-0024beaf3dca}\Shell - "" = AutoRun
O33 - MountPoints2\{fa83d07e-9d7c-11df-95fc-0024beaf3dca}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1530761295-3618611931-1772812319-1004\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/06/05 19:42:57 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/06/05 19:41:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/06/05 19:41:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/06/04 22:26:29 | 000,057,976 | R--- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012/06/04 22:26:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla
[2012/06/04 22:26:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\STOPzilla!
[2012/06/04 22:26:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\iS3
[2012/06/04 22:26:11 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2012/06/04 22:05:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/06/04 22:05:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/06/04 17:32:07 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/06/01 00:23:23 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{5937B427-6017-4050-89C0-9FEB7FECBB74}
[2012/06/01 00:23:12 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{D37FEF48-A920-4142-A400-C35982EBB2B1}
[2012/05/28 14:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/05/28 14:11:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/05/28 14:11:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/05/27 23:20:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/05/27 23:20:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/05/24 02:15:53 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/05/24 02:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/05/24 01:58:59 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{C2A640C8-BA62-401F-B06E-1A0DA26C45F5}
[2012/05/24 01:58:57 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{E1AC2853-43A2-40BA-A164-C8D774145AE4}
[2012/05/24 01:47:45 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{C0B74651-8023-42DA-B152-A56177D5589D}
[2012/05/22 19:30:15 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\Settlers7
[2012/05/22 00:05:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/06/12 20:58:07 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/12 20:42:04 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1530761295-3618611931-1772812319-1004UA.job
[2012/06/12 20:35:55 | 000,000,512 | ---- | M] () -- C:\Users\Chris\Desktop\MBR.dat
[2012/06/12 20:11:08 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/12 19:26:02 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1530761295-3618611931-1772812319-1004UA.job
[2012/06/12 18:54:23 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/12 18:54:23 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/12 18:49:40 | 000,000,528 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2012/06/12 18:42:56 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/12 18:42:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2012/06/12 18:41:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/12 18:41:17 | 3207,122,944 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/12 00:42:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1530761295-3618611931-1772812319-1004Core.job
[2012/06/11 22:26:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1530761295-3618611931-1772812319-1004Core.job
[2012/06/10 19:49:18 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/10 19:49:17 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/10 16:47:31 | 000,000,210 | ---- | M] () -- C:\Users\Chris\Desktop\The Lord of the Rings Online.url
[2012/06/05 20:22:48 | 000,001,384 | ---- | M] () -- C:\Windows\SysWow64\drivers\kgpfr2.cfg
[2012/06/05 19:49:06 | 000,005,592 | ---- | M] () -- C:\Users\Chris\Desktop\Attach.zip
[2012/06/05 19:41:48 | 000,001,115 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/06/05 19:41:32 | 000,000,935 | ---- | M] () -- C:\Users\Chris\Desktop\NTREGOPT.lnk
[2012/06/05 19:41:32 | 000,000,916 | ---- | M] () -- C:\Users\Chris\Desktop\ERUNT.lnk
[2012/06/04 22:43:36 | 000,001,260 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/04 22:29:58 | 000,442,330 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/04 22:17:55 | 000,000,180 | ---- | M] () -- C:\Users\Chris\Documents\cc_20120604_221753.reg
[2012/06/04 22:17:38 | 000,001,326 | ---- | M] () -- C:\Users\Chris\Documents\cc_20120604_221735.reg
[2012/06/04 22:17:17 | 000,129,636 | ---- | M] () -- C:\Users\Chris\Documents\cc_20120604_221704.reg
[2012/06/03 22:40:17 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/02 21:35:14 | 000,001,027 | ---- | M] () -- C:\Users\Chris\Desktop\Dropbox.lnk
[2012/05/30 08:29:45 | 000,000,093 | ---- | M] () -- C:\Windows\wininit.ini
[2012/05/29 21:15:41 | 000,999,780 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/29 21:15:41 | 000,815,796 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/29 21:15:41 | 000,180,948 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/27 23:20:22 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/05/22 00:04:07 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/05/22 00:04:03 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/05/21 00:00:19 | 000,000,221 | ---- | M] () -- C:\Users\Chris\Desktop\The Settlers 7 Paths to a Kingdom - Gold Edition.url
[2012/05/20 12:19:31 | 000,000,221 | ---- | M] () -- C:\Users\Chris\Desktop\Assassin's Creed Brotherhood.url
[2012/05/17 23:50:16 | 000,002,628 | ---- | M] () -- C:\Users\Chris\Desktop\Magic The Gathering Tactics.lnk
[2012/05/15 21:12:45 | 000,065,099 | ---- | M] () -- C:\test.xml
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/06/12 20:35:55 | 000,000,512 | ---- | C] () -- C:\Users\Chris\Desktop\MBR.dat
[2012/06/12 18:49:19 | 000,000,528 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2012/06/10 16:47:30 | 000,000,210 | ---- | C] () -- C:\Users\Chris\Desktop\The Lord of the Rings Online.url
[2012/06/05 19:49:06 | 000,005,592 | ---- | C] () -- C:\Users\Chris\Desktop\Attach.zip
[2012/06/05 19:41:48 | 000,001,115 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/06/05 19:41:32 | 000,000,935 | ---- | C] () -- C:\Users\Chris\Desktop\NTREGOPT.lnk
[2012/06/05 19:41:32 | 000,000,916 | ---- | C] () -- C:\Users\Chris\Desktop\ERUNT.lnk
[2012/06/05 19:04:05 | 000,001,384 | ---- | C] () -- C:\Windows\SysWow64\drivers\kgpfr2.cfg
[2012/06/04 22:17:53 | 000,000,180 | ---- | C] () -- C:\Users\Chris\Documents\cc_20120604_221753.reg
[2012/06/04 22:17:36 | 000,001,326 | ---- | C] () -- C:\Users\Chris\Documents\cc_20120604_221735.reg
[2012/06/04 22:17:08 | 000,129,636 | ---- | C] () -- C:\Users\Chris\Documents\cc_20120604_221704.reg
[2012/06/03 22:40:17 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/30 08:29:45 | 000,000,093 | ---- | C] () -- C:\Windows\wininit.ini
[2012/05/27 23:20:22 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/05/22 00:04:07 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/05/22 00:04:03 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/05/21 00:00:19 | 000,000,221 | ---- | C] () -- C:\Users\Chris\Desktop\The Settlers 7 Paths to a Kingdom - Gold Edition.url
[2012/05/20 12:19:31 | 000,000,221 | ---- | C] () -- C:\Users\Chris\Desktop\Assassin's Creed Brotherhood.url
[2012/05/17 23:29:04 | 000,002,656 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Magic The Gathering Tactics.lnk
[2012/05/17 23:29:04 | 000,002,628 | ---- | C] () -- C:\Users\Chris\Desktop\Magic The Gathering Tactics.lnk
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/08/20 19:21:54 | 000,000,254 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/08/20 19:21:54 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/08/20 19:21:09 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/08/20 19:18:42 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/08/20 19:07:15 | 000,031,767 | ---- | C] () -- C:\Windows\maxlink.ini
[2011/05/14 16:16:14 | 000,306,729 | ---- | C] () -- C:\Users\Chris\AppData\Local\census.cache
[2011/05/14 16:15:29 | 000,136,153 | ---- | C] () -- C:\Users\Chris\AppData\Local\ars.cache
[2011/01/08 13:47:21 | 000,000,093 | ---- | C] () -- C:\Users\Chris\AppData\Local\fusioncache.dat
[2010/07/26 23:55:52 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2010/07/26 23:55:52 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2010/07/26 23:55:52 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2010/07/26 23:50:55 | 000,019,966 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2010/07/20 23:18:28 | 000,007,605 | ---- | C] () -- C:\Users\Chris\AppData\Local\Resmon.ResmonCfg
[2010/06/19 23:09:39 | 000,000,036 | ---- | C] () -- C:\Users\Chris\AppData\Local\housecall.guid.cache
========== LOP Check ==========
[2011/11/02 17:37:34 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\.purple
[2010/12/10 08:11:01 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Amazon
[2010/02/27 14:34:29 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Auslogics
[2011/09/04 09:32:32 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Downloaded Installations
[2012/06/12 19:04:14 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Dropbox
[2011/06/11 11:04:23 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Electronic Arts
[2011/10/16 22:17:35 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\GetRightToGo
[2011/05/02 01:09:03 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\gtk-2.0
[2011/09/20 19:59:01 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Hi-Rez Studios
[2010/05/12 01:56:01 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\LolClient
[2011/11/08 15:02:28 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Might & Magic Heroes VI
[2012/01/08 20:32:10 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Motorola
[2011/07/15 23:02:07 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Stardock
[2011/05/14 17:01:33 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Uniblue
[2011/06/11 11:01:50 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Unity
[2010/03/09 02:59:59 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Wizards of the Coast
[2012/06/11 22:26:00 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1530761295-3618611931-1772812319-1004Core.job
[2012/06/12 19:26:02 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1530761295-3618611931-1772812319-1004UA.job
[2012/06/12 18:42:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
[2011/09/26 17:49:58 | 000,032,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
And Extras (Part 1 of 2):
OTL Extras logfile created on: 6/12/2012 8:39:44 PM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Chris\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.98 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 57.09% Memory free
7.96 Gb Paging File | 4.67 Gb Available in Paging File | 58.70% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456.96 Gb Total Space | 51.13 Gb Free Space | 11.19% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Computer Name: CHRIS-VAIO | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-1530761295-3618611931-1772812319-1004\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Value error.
htmlfile [opennew] -- Reg Error: Value error.
htmlfile [print] -- Reg Error: Value error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Value error.
htmlfile [opennew] -- Reg Error: Value error.
htmlfile [print] -- Reg Error: Value error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C92038-AF9E-46C2-9414-705871EFB982}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{126C4C42-9170-4C22-8B17-D68CDF4E001E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{17029D6B-16AC-4DD0-94C0-6F937C854A66}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{19D4C0AF-0CDD-4A62-9C01-6E5F3CAA9159}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1A9FDCA4-5638-40EE-AC89-571CE525C4F0}" = lport=137 | protocol=17 | dir=in | app=system |
"{1DB6C344-827E-4AA3-A819-A3D941C74C3C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{20C400D3-75F1-44A6-8076-FB4F188C965D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{24C39D91-59B4-4A5D-A207-E14CBFF96A89}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{26FE30B0-A40B-48B1-BB3F-10C0D27930BF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2766B5EC-534C-4B3A-A7A5-BF859B77075E}" = lport=138 | protocol=17 | dir=in | app=system |
"{3581A403-0755-4F06-BB08-8F210CF4A702}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{37612CCB-B39E-44B4-918B-497B6C76973C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{39119EED-F450-4F38-94F9-5426102C9427}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3B8CB023-A008-4EC4-8CF1-E150271C1FA0}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{3E31C9EF-E866-42A1-93E8-35ECF532514C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4224A84A-C4B6-4710-BD80-E0A2AA544CF9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4879B5BE-9EFD-4833-B28A-73FE62F71C76}" = rport=138 | protocol=17 | dir=out | app=system |
"{491FA56E-CBE5-4CE2-88CF-4C57E329B1A2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{49DCA7F4-3355-4022-AFC3-BAF359662EC0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4B0BAFE8-CC04-4595-AA19-A25734A67746}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4B44541A-6A73-464D-A07F-372424B6526D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4D1F6E83-82A0-4410-852C-FA56F451A627}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4DE480EF-4A15-4653-9493-9FDC39795EAD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4E6EBC7C-F582-4F13-B801-37AABA07BF82}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6C35EFDB-98B0-4481-AD49-DB984D6DD3D5}" = lport=445 | protocol=6 | dir=in | app=system |
"{6D7C8CFB-5CEB-4550-860B-D4C4F5494B27}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6FEB1D75-881A-440A-B254-9158770A4124}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{73B1AEC1-132F-4BC7-8BF7-87D2F82364F5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7FBC7A13-4538-4888-A7B2-52681DBA11FB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{81231829-61BE-42BF-80A5-B8AFAB8E27D6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8378F6D9-F7E8-431B-B5D0-1553DC4DAE7F}" = rport=137 | protocol=17 | dir=out | app=system |
"{84B0DC0C-97A0-4944-93BB-EF4ADD86C052}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{84FB53AD-1D7F-4286-9355-973E8A94932A}" = lport=64266 | protocol=6 | dir=in | name=akamai netsession interface |
"{8E027156-5861-45C1-9BAB-E313ED5A524C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8EA65AED-2846-437B-9B83-EF5E26AEC2BF}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{98CE648A-DD03-4DDF-9FCC-FFAEA3E7E6AE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A901F23D-439A-4944-8D4D-8C8CF3F8F83D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AD795439-548E-4C36-A4E0-F2BD6F274901}" = lport=139 | protocol=6 | dir=in | app=system |
"{B7691FB3-A865-4B59-AA82-FB02DCFAF9F3}" = lport=1900 | protocol=17 | dir=in | app=%programfiles%\zune\zune.exe |
"{BBAB312D-9128-42F3-AB65-703A14D7890E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C1940FC7-5161-4D52-A0BA-A7B9A34009B4}" = rport=139 | protocol=6 | dir=out | app=system |
"{C211DF79-B020-42AE-84AB-D15056C430E7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{C32F1E22-D686-49ED-BA23-085FC50D5E74}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C9A6C876-12AB-42D3-A98C-08D28F4489BC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{CE6A4249-112D-4E05-88FB-FA78BB0F12BA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DC09521D-A3C2-4B7F-A5BF-7099DEEF8380}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface |
"{E19A8ECC-3023-47F8-A470-004A66E1EA3A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E78BD456-81C9-473E-87D3-B8C5951624E0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{ECFCCF9C-923B-420A-A34B-D2659404E8F1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EDE2BBE0-6B4D-44D0-89B5-0621F9768E9E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F15C3F03-AFBD-4E2D-8552-68297ACF3069}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F633F911-5F18-4FD1-85AF-7DDA7D6A1053}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F9033326-3C40-47F3-B2BB-EFCFA8FF2851}" = rport=445 | protocol=6 | dir=out | app=system |
"{FEB2ACAA-2831-4766-A296-DA3DF049D5A4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02984BDD-5DF5-4D59-A9A3-736C49E8FA03}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{0313CBC3-913D-4124-8C96-E7EBA669E346}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders\readme.txt |
"{03340603-9A13-4995-AD61-FC600F228CFD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders 2\launcher.exe |
"{03D29FF1-9FEE-4BD9-9D96-5900236D00A0}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2main.exe |
"{0440B6CE-4AB3-4F08-861A-0F7319E6A2FA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders shadow magic\launcher.exe |
"{062D647B-2454-4B0A-AE9E-EDB3519FAB0D}" = protocol=6 | dir=in | app=%programfiles%\zune\zunenss.exe |
"{06DB183E-E16B-4F1D-9493-A14F1C3C71B2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{08C2ABC0-E1C6-4BD6-8EB5-BE1AEE60228D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0A1687EF-70D2-454F-A06A-6730FA5A740F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{0A4DA856-DC2E-41B2-AD84-D00A4948610B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders shadow magic\aowsmsetup.exe |
"{0F13C6F0-826C-49CB-AD4D-361E98DDCA87}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{0F16F20D-6EF7-4393-9F50-5317A3FEBF44}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders trilogy soundtrack\launcher.exe |
"{10FFA1F6-4BE6-4C72-960D-86D0BAEBF712}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders shadow magic\quickstart.pdf |
"{119D9373-13BD-4480-8982-DB274AC15443}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe |
"{129F59D8-17D6-4D94-8260-63563D1FE2C9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{16597A5E-F271-40A1-9329-395044ACF6DF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders\aowed.exe |
"{18BCCE05-15FF-4884-B048-B8B04E63789E}" = protocol=17 | dir=in | app=c:\gamecq\.cache\darkspace\darkspaceclient.exe |
"{19393D12-D264-442D-BED3-89EAAABD3BBB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders 2\quickstart.pdf |
"{1F6972F6-92E9-49FA-A5D4-FAEBD0BE26A7}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{22890907-3FB6-4201-8783-922CB925B1E7}" = protocol=6 | dir=in | app=c:\program files (x86)\stardock games\sins of a solar empire - trinity\sins of a solar empire.exe |
"{228B149F-BCD0-48BC-9B1A-3714563B3AC1}" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"{22B5607E-4E7C-4623-BCDC-83C086A6D138}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders demo\binaries\win32\dungeondefenders.exe |
"{23CC25CA-D6BD-432D-9BC5-3613A3558955}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders shadow magic\readme.html |
"{24205DC3-4771-4D74-984E-7BD19A78D31B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2572DA63-F7EA-49BD-841D-D3356447D95D}" = protocol=17 | dir=in | app=c:\program files (x86)\stardock games\sins of a solar empire - trinity\sins of a solar empire.exe |
"{266D02F5-A9B8-4AD9-9FA3-65FED40B130A}" = protocol=6 | dir=in | app=c:\program files (x86)\stardock games\sins of a solar empire - trinity\sins of a solar empire entrenchment.exe |
"{26F1530B-A004-4CFE-95F1-E2E00F9E9DF1}" = protocol=6 | dir=in | app=%programfiles%\zune\zunenss.exe |
"{27355E3A-B434-4FAD-BF3B-E25384F1B059}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\king's bounty - the legend\kb.exe |
"{277617A4-DC87-4930-9C3B-7FBEF435DD27}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2B610435-2312-4DFB-9583-551C2433275F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2C5CA09A-99D0-4945-81E5-1628E1F3593A}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe |
"{2D74511C-1405-4B1E-9D43-8D24D9A7A254}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders\aowsetup.exe |
"{2E64EF54-219B-4724-A408-DC618969510B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders\quickstart.pdf |
"{2E6893DF-5161-4985-BEF2-2F489F4F96B5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders 2\quickstart.pdf |
"{2F5A1239-4303-4985-9E57-6FB0C3BF04F7}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{30B37DE9-9853-4FEA-962B-ACF9F16641A1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\settlers 7 gold\data\base\_dbg\bin\release\settlers7r.exe |
"{31541343-DF3E-416A-8AC6-13D4F042B27C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\king's bounty - the legend\kb.exe |
"{31C918BC-CEB8-4148-B1F8-0FB582395730}" = protocol=17 | dir=in | app=c:\program files (x86)\stardock games\sins of a solar empire - trinity\sins of a solar empire diplomacy.exe |
"{33CA8FED-AADA-4E2F-8AD0-7672EDCD533E}" = protocol=6 | dir=out | app=%programfiles%\zune\zunenss.exe |
"{35BE5A5F-E33F-4B63-9D3E-EE8DF1D284E2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\evochron mercenary\evochronmercenary.exe |
"{35FE5E8B-E617-4E82-9819-357BFAC8EDE2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\king's bounty - the legend\kb.exe |
"{36373F17-7A7B-4F30-9197-99EC2425A345}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{385B9C27-72E5-41FF-907C-FD7E8057970F}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{3949F626-6C56-4ACD-9E92-235F1615B6F1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\kings bounty armored princess\kb.exe |
"{3AC65923-E456-4A21-9FA6-9777218D3563}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 2\masseffect2launcher.exe |
"{3AE983AF-ABDA-42D7-9FD2-07CDEA900FDF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders 2\quickstart.pdf |
"{3C6E2563-0FB9-44E5-A832-92015E45A9B7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders 2\aow2ed.exe |
"{3D274BCB-4634-4786-8456-A566089D1739}" = protocol=17 | dir=out | app=%programfiles%\zune\zunenss.exe |
"{3D869536-147E-42A0-B0F0-B2668CFB5BCE}" = protocol=17 | dir=in | app=c:\program files\webdrive\wdservice.exe |
"{3E2E503A-4BA0-4D4F-9088-0928E5FA54D1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders\launcher.exe |
"{3ED81F04-7CC0-4DD1-9D70-BC6E9202A98F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders 2\quickstart.pdf |
"{40F4A06F-9D78-4207-90C2-D604F0E4B810}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbsp.exe |
"{414F2A73-7D45-4325-9FBB-6F62E694A712}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 gold\warlords\civ4warlords.exe |
"{415CCD07-D4DF-49EA-BC91-90F30B2EB82B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{41C84AF5-BA58-4CF1-881E-5808294C2A41}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe |
"{42EB50F1-AB1F-42A5-81AB-7A3F8A766D60}" = protocol=6 | dir=in | app=c:\program files (x86)\gpotato\rappelz\launcher.exe |
"{43D9B2DF-834B-4633-9A86-FF86ED51B57E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders trilogy soundtrack\launcher.exe |
"{43DC4256-A3E5-4E0C-B02D-59A92EEDA0EA}" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\magic the gathering tactics\mtgtactics.exe |
"{43DD7E6A-35D0-41AA-B0DD-39668D4F5BE7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders 2\readme.html |
"{45C941C4-CD78-4A12-A1D6-978B14B2C4D5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering - duels of the planeswalkers\dotp.exe |
"{484551A2-A3D7-4CA5-8761-211C39D1E8C1}" = protocol=6 | dir=in | app=c:\users\chris\downloads\conquer_v5567_p2p_20120110.exe |
"{48962FD8-F316-4B34-B68C-8603567F068F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{49BCDD84-841C-466B-837B-08D0E2B3788F}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\masseffect2.exe |
"{4A9F75D9-2343-48D6-B572-6F5C38E73CC8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\king's bounty - the legend\save_fixer.exe |
"{4BE1DBE3-7CDE-4307-8D7E-FCED1D187172}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{4CF38440-C685-42DC-A8F9-B69DD89E3426}" = protocol=6 | dir=in | app=c:\program files (x86)\stardock games\sins of a solar empire - trinity\sins of a solar empire.exe |
"{4CF6B7B6-AE4E-48A8-9B36-A54D00DEB674}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{4E9B1129-48B9-4C44-8562-7B3F581FD821}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\might & magic heroes vi\might & magic heroes vi.exe |
"{5051B427-7F68-4D7F-8C28-2189F9F140E9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders 2\launcher.exe |
"{50EA8BE3-8FFC-4301-9E5E-BCC986C60652}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe |
"{5257A0DE-1961-4831-995D-E90FB2DCA539}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbsp.exe |
"{52D9E6EF-6D05-4140-A613-85881F900A4F}" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\magic the gathering tactics\mtgtactics.exe |
"{55721F91-3F0C-4AF9-B3C1-E30DFB9AC5F8}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2main_amdxp.exe |
"{5773361A-6854-452A-B149-5F989A3718E2}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwupdate.exe |
"{5860B5C2-964C-4FAB-9399-100C870CB1E3}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2main.exe |
"{5A99D907-ECF6-48DE-876F-FEA5008BF41C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders demo\binaries\win32\dundefgame.exe |
"{5D12345A-C81C-4A85-864B-A247CC920CF9}" = protocol=6 | dir=in | app=c:\program files (x86)\stardock games\sins of a solar empire - trinity\sins of a solar empire entrenchment.exe |
"{5D7D4617-7609-43AC-A1C3-06BA9E8CEDAE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5E13796C-1E0E-477E-914F-BBC3E53B8140}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\divinity ii - the dragon knight saga demo\bin\divinity2.exe |
"{5F5A37AA-F6D5-477B-8781-214F84C9CB32}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{60A400DB-277F-4B0B-84E1-C4205A604571}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{60CC1073-D255-440C-B876-3DE9CB2958F4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders 2\readme.html |
"{634D65F5-8716-4E3B-9BDE-1D447D09FC9B}" = dir=in | app=c:\users\chris\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{63C1210E-A878-4DBA-96ED-8001D3BFD41C}" = protocol=17 | dir=in | app=%programfiles%\zune\zunenss.exe |
"{653B7592-9F16-4987-8D8A-084BB4F353C8}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2server.exe |
"{65CF18B3-E405-4EB0-846E-509D4FB1A999}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 gold\civilization4.exe |
"{68345C43-D5BB-4A24-9D0B-1D6F79C82478}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{6C46C47E-5FFA-4BCC-A740-F1BE5745E672}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{6CF87634-A3AF-4CF7-8870-6524B27BC67D}" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"{6DAF4507-A990-48B0-AB66-A78460D5563F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders\readme.txt |
"{6E6EAE0B-7D3F-40EB-A88F-C151295D6BC5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\settlers 7 gold\data\base\_dbg\bin\release\settlers7r.exe |
"{6E995666-F57F-49C4-B76C-D4B0A965E78A}" = protocol=17 | dir=in | app=c:\program files\webdrive\webdrive.exe |
"{6F85070A-621E-4B34-95E2-48004E9DC151}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders\aowed.exe |
"{6F99B56E-D9AD-4086-BCDE-3184B9496546}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders shadow magic\aowsmsetup.exe |
"{6FBD17B7-BB63-4A7A-9E44-95B8A763FB09}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{71017D75-9320-4213-BF4B-AFFF35703797}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{72AD9BDC-9949-4BF5-8111-8283E72A7A88}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{73F9828B-B2FF-493A-9BC7-5C5F23595EBA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\kings bounty crossworlds\kb.exe |
"{74C94087-3858-40EF-B0B3-77ED7C77FE01}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lord of the rings online\turbineinvoker.exe |
"{76410B7A-C219-4801-8F0A-716125191636}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{769DB82F-6BC1-431C-AA1F-E59D77C5B3B1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe |
"{7788D4C4-A938-458D-AA60-DCBF15824442}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{780FE99A-B264-4821-A6C7-15582E9A1D71}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{78C18520-D5F4-4B8B-95FC-1D616A9895E1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders 2\launcher.exe |
"{7902DF21-9C65-4363-9E80-C20804BAE798}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2\masseffect2launcher.exe |
"{7A9BA780-10EA-4D38-AB1B-B2423F53D5A6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7B7EBBB8-3E1E-4D54-8A05-90A7D692A600}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7B7EEDEE-295E-4E19-B7E4-CC644EEB2EB4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders 2\launcher.exe |
"{7C09C7C5-1E40-4D21-B11C-8CA3C99CA647}" = protocol=17 | dir=in | app=c:\program files (x86)\pidgin\pidgin.exe |
"{7ECAC1FE-8043-421E-84BE-A51A820CF475}" = protocol=6 | dir=in | app=c:\users\chris\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{7F39B454-8BAA-433D-BC67-AF857F837E39}" = protocol=6 | dir=in | app=c:\program files\webdrive\webdrive.exe |
"{80E34DB5-6774-4996-AB1A-86B73F3117A4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8269CB51-AA4D-4D2D-AFBD-535E4D24E5A5}" = protocol=6 | dir=in | app=c:\program files (x86)\pidgin\pidgin.exe |
"{851B913F-C1DB-44DD-9FEF-130570234704}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders 2\aow2ed.exe |
"{85397152-95C2-4CE2-A7D3-DA3FADCE08B0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders\aowsetup.exe |
"{85CD6D85-E194-4260-9C44-B7FCAC21BF8F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\everquest 2\launchpad.exe |
"{861798CD-DB95-4C93-82D7-7EB9484F39BC}" = protocol=6 | dir=in | app=c:\program files (x86)\savage 2 - a tortured soul\savage2.exe |
"{86D67B22-BC33-4F59-A220-061C3890A1F9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{872EF409-90B7-400B-B18F-05494B119C1E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders\launcher.exe |
"{87E645F0-4BE4-4C79-84C6-289C164DB85C}" = protocol=17 | dir=in | app=c:\program files (x86)\astral\astral.exe |
"{884E248D-505C-444A-B323-F355F5A09A6C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders 2\aow2ed.exe |
"{8987BCFD-CFEE-41C7-BADE-05C3C6427FBB}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2server.exe |
"{898E3C43-FDEA-4F17-B5BD-63E5CA85154A}" = protocol=17 | dir=in | app=c:\program files (x86)\stardock games\sins of a solar empire - trinity\sins of a solar empire.exe |
"{8AEB9D1C-E597-45A9-81C9-1AF01F23E5AB}" = protocol=17 | dir=in | app=c:\users\chris\downloads\conquer_v5567_p2p_20120110.exe |
"{8B6DA408-076E-43A2-9B82-0FC2EF9959B7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders shadow magic\aowsmed.exe |
"{8BC7B694-98CB-47B4-9867-3578805E22BA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8C124B1F-FB70-47F9-8586-C351E3979C32}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{8C53DBF6-1F17-4962-9124-E06453652935}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe |
"{8CE30503-AA30-45B4-B24C-C4B3724A18E2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders\launcher.exe |
"{8DD69299-C446-4666-B1C2-636CD1B2AE46}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lord of the rings online\turbineinvoker.exe |
"{8FC32933-669B-4CEB-8A96-8C338B08C66F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering - duels of the planeswalkers\dotp.exe |
"{90287B2F-7BBE-4024-9AE6-7833BB3B4AFB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\kings bounty armored princess\kb.exe |
"{920436BA-8214-4D72-9F5C-9B94614634B2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{92B194EB-5B63-4BA1-BAA5-957A12BD912A}" = protocol=6 | dir=out | app=system |
"{93311CCD-4556-46D8-AE18-54D0C7B022BA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{93923ED5-430B-49EB-AC4F-AC941CF2B529}" = protocol=17 | dir=in | app=%programfiles%\zune\zunenss.exe |
"{941B404A-95B2-491C-87FE-236CD0B27276}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders\aowsetup.exe |
"{94568DF1-AADF-4938-A3A9-E55BC0600E2D}" = protocol=6 | dir=in | app=c:\users\chris\appdata\local\akamai\netsession_win.exe |
"{966AB618-1AEA-4918-B116-5D08A0BC9026}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders shadow magic\readme.html |
"{9711E079-5C02-4A26-B3BB-DF8F8B577079}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2main_amdxp.exe |
"{981874BD-88E7-4F6B-A593-ABC87CD075BD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe |
"{9AB94B80-4E5F-4F50-8B73-771BCAF5BF82}" = protocol=6 | dir=out | app=system |
"{9CA32CF7-252A-4094-922D-1B9341E89EAE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\divinity ii - the dragon knight saga demo\bin\divinity2.exe |
"{9D27BEDC-9B0E-4C2F-842C-DCD02B0A4761}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 gold\warlords\civ4warlords.exe |
"{9DF2201E-311D-4CFC-9F1C-4DC43E90F1A5}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\might & magic heroes vi\might & magic heroes vi.exe |
"{9E6512DE-D87B-45B1-B4D7-77963ABB362E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{9EDFA975-9D01-4C53-A007-B312E1D2FD2A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders trilogy soundtrack\launcher.exe |
"{9F4202B6-7FED-4745-88A9-B1D0651D33D2}" = protocol=58 | dir=in | app=system |
"{A134C771-0614-4A82-A8F1-865FF71EBC59}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders\launcher.exe |
"{A3276170-DD9D-4EA5-B554-48A899F98B88}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwupdate.exe |
"{A3FE6CD3-B94E-45A9-99C4-54CD77CCFA8A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering - duels of the planeswalkers\dotp.exe |
"{A4F1BD23-8784-4700-9E95-C2B2E3705FA5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders 2\aow2ed.exe |
"{A6EAC361-9EF8-44F5-BEC0-5B4F7657DE1A}" = protocol=17 | dir=in | app=c:\users\chris\appdata\roaming\dropbox\bin\dropbox.exe |
"{A7275CD7-8B72-4397-BEB8-69EC15304CD1}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{A7940171-4E3D-4A2A-9966-602E8BA0E8C9}" = protocol=6 | dir=in | app=c:\program files (x86)\stardock games\sins of a solar empire - trinity\sins of a solar empire diplomacy.exe |
"{A977C8BC-25A6-409F-BD75-10EB7E4225D5}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{AA4A0FF1-68A4-4456-B66A-80B42C63AD83}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\kings bounty armored princess\kb.exe |
"{AA5AFE73-9A09-4676-B145-02B29FE056ED}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders\aowed.exe |
"{ACCA71AA-07E3-40E8-8A19-DE9EFBEFE756}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders shadow magic\aowsmed.exe |
"{AD56E2CE-95FB-46CF-B9EA-DFDC37745105}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders\quickstart.pdf |
"{AF15D3D0-EE30-4F83-AE85-0D485CFD567C}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{B09F1643-F95C-4BF9-876F-A61A9BC433B3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{B3C61BC8-56FF-4836-8AD7-1423EA09DE48}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders 2\aow2setup.exe |
"{B3C695D0-90C9-4764-BF4C-3F01D68BE9B7}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 gold\civilization4.exe |
"{B9E6058D-3EF3-461A-AB1D-5CDB5ABDCA2F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BAD3786E-CB9B-4C1E-8024-198571039AD4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\king's bounty - the legend\kb.exe |
"{BB45B9AF-C93F-4D73-9DDE-8AB375284C4F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering - duels of the planeswalkers\dotp.exe |
"{BC548F40-E44F-4D66-A755-532A194B4AD6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders trilogy soundtrack\launcher.exe |
"{BC9CDBA3-AC7C-4D83-9481-19B6F3DC31A2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\freelancer\exe\freelancer.exe |
"{BF118C94-601F-42B6-8805-1B1B34A727AD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders\readme.txt |
"{C12BBAF0-9E57-41B1-ACEF-0E7345C68AE8}" = protocol=17 | dir=in | app=c:\users\chris\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{C33C28DA-FBDB-460A-A1C1-F5CE6F5441F7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\kings bounty crossworlds\kb.exe |
"{C3853D46-9547-4CCE-8F83-7103A0BC3BD1}" = protocol=6 | dir=in | app=c:\program files (x86)\stardock games\sins of a solar empire - trinity\sins of a solar empire diplomacy.exe |
"{C3D8E636-1D16-4F0D-BAC6-A6B19A998C7E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders\quickstart.pdf |
"{C56301ED-F600-4670-A37D-401D3F790C36}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe |
"{C569FD3D-F036-4107-B897-0B20E26F557C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C5EC3CEE-8D03-4618-8040-683923C0CFDD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe |
"{C6344FD6-E32D-4A02-A100-0FC38E860202}" = protocol=6 | dir=out | app=system |
"{C7463615-3A96-4402-90E0-F8469065F815}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{C841C559-693B-4A2B-AE00-4FF078C525C5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\evochron mercenary\evochronmercenary.exe |
"{C858C91A-00B1-4649-8BD1-69C5A1C7EAC2}" = protocol=6 | dir=out | app=system |
"{C8934A01-5F59-4C8E-8E32-3A7FAEDE3E1A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CA08334B-F7DE-4128-98AC-38495E1C52D5}" = protocol=17 | dir=out | app=%programfiles%\zune\zunenss.exe |
"{CCF62B94-C0CD-4C54-BFF6-71CED922AB79}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{CCF7FA0A-470B-4460-BBF6-11874065EDCB}" = protocol=6 | dir=in | app=c:\program files (x86)\astral\astral.exe |
"{CDF85D8F-1C57-4D77-AC3D-3108599460F9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders demo\binaries\win32\dungeondefenders.exe |
"{CEB402DD-F0D4-4664-8CE4-BBB8E32C6111}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\king's bounty - the legend\save_fixer.exe |
"{D048C672-D846-4804-ABE4-0885036916AD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe |
"{D4392EFA-8FEA-46ED-A8B4-F4E65C621238}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders 2\readme.html |
"{D4B2F10E-11F1-44AB-A68F-FD6497F88BD4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders\quickstart.pdf |
"{D7152676-8A54-4C7D-A611-8136D4B8A3A2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{D78275E5-DE63-492C-991D-FC0F5007E543}" = protocol=6 | dir=in | app=c:\program files\webdrive\wdservice.exe |
"{D85705D2-6165-4F96-8478-ECBE305E7D45}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders 2\aow2setup.exe |
"{D9334EF3-2C54-49EF-AC0E-7F8F17DDC6F5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D98DEF13-25AD-4A64-9956-FE37C3C2FFA5}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{DA842943-B14A-41CE-804D-BC98B75D1758}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{DAA063DC-C00D-4BA7-9243-65689B4E9CEB}" = dir=in | app=conquer_v5567_p2p_20120110.exe |
"{DB894EE7-0241-4927-B75E-96C95503607C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\king's bounty - the legend\save_fixer.exe |
"{DB89A033-01EA-4EFD-9A7E-B27A60C857D9}" = protocol=17 | dir=in | app=c:\program files (x86)\gpotato\rappelz\launcher.exe |
"{DB90CF2F-B8D1-40DB-AB28-CDE5E1BD313D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders 2\aow2setup.exe |
"{DCD57B1C-4952-4F12-BEB0-E48808CECDC0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders\readme.txt |
"{DD5C4EA2-70E1-4EF6-805F-1279DEDA1FB6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders\aowed.exe |
"{DF6DDC80-D8A4-43D4-8110-1B3D0282A862}" = protocol=6 | dir=in | app=c:\users\chris\appdata\roaming\dropbox\bin\dropbox.exe |
"{E01C4B4A-D4A3-4BD9-93BD-41334DF40290}" = protocol=17 | dir=in | app=c:\program files (x86)\stardock games\sins of a solar empire - trinity\sins of a solar empire diplomacy.exe |
"{E18AE5D1-B7BE-47F1-8344-05537DD76D4A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders\aowsetup.exe |
"{E3564057-65E9-4E71-BC80-B7667408044A}" = protocol=17 | dir=in | app=c:\program files (x86)\savage 2 - a tortured soul\savage2.exe |
"{E39E400D-089E-40ED-A380-EA7C304D73D1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders 2\aow2setup.exe |
"{E535668F-1F59-4549-B469-7793FF3100B5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\kings bounty armored princess\kb.exe |
"{E5DC414E-CD07-4BD5-8323-3F679905CD4B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe |
"{E70E4E12-AE3D-44BD-A19D-C5CE4DBCC99A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E9DEC01A-76FA-4C6C-B12A-C2A190FD48AB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EA3DF7D4-8F10-4732-A801-91726A45F19B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{EAEF8513-4196-487D-85C6-6B66ADF1F713}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders shadow magic\launcher.exe |
"{EC2A2F95-2EB8-4CA1-B744-C614C32A02B4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders shadow magic\quickstart.pdf |
"{F11D381D-7D87-4B2C-ADB1-D9A2AB13219A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F271637B-45B1-4E7D-BE84-209763A5B432}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders demo\binaries\win32\dundefgame.exe |
"{F2BA02BF-B009-4B92-80CB-E2E00A2AC752}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{F2F31560-DE08-46D0-92B0-F9EB6EE61277}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\king's bounty - the legend\save_fixer.exe |
"{F4FAEFE7-B733-4CEF-A351-9A0CF9C8EB5E}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\masseffect2.exe |
"{F5B83443-FAD8-4304-9A8F-C79EF52B2E0A}" = protocol=6 | dir=in | app=c:\gamecq\.cache\darkspace\darkspaceclient.exe |
"{F66F2CC9-1EEE-4133-AFF2-6FD77F0C3A09}" = protocol=6 | dir=out | app=system |
"{F6C217BC-7EA8-4058-B338-A3C8A5EAD17F}" = protocol=17 | dir=in | app=c:\program files (x86)\stardock games\sins of a solar empire - trinity\sins of a solar empire entrenchment.exe |
"{F8E10D03-DE44-41C1-98E9-BEDBB6CBBC5B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of wonders 2\readme.html |
"{F9199983-B0A5-4E54-962C-632DF368074F}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{F9242AF8-C457-41CD-AC3F-9C1CADC7BC46}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{F9769974-5F1C-4E56-917B-E70EF95B6BDD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F99B9858-E4E5-43A9-A0B8-57C3D2A2673F}" = protocol=17 | dir=in | app=c:\users\chris\appdata\local\akamai\netsession_win.exe |
"{FA2EB889-8F4F-4700-9146-078089180EBB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\everquest 2\launchpad.exe |
"{FA422E70-A5FE-4BCD-BEBA-4290F1577166}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\freelancer\exe\freelancer.exe |
"{FCA0C2C2-A1D7-4B23-A71C-6D1B9FFF9436}" = protocol=17 | dir=in | app=c:\program files (x86)\stardock games\sins of a solar empire - trinity\sins of a solar empire entrenchment.exe |
"{FD7F349C-4566-4490-BB61-EFF87A223024}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe |
"{FE421805-F5AE-4A15-B1C4-D0628B758A0F}" = protocol=6 | dir=out | app=%programfiles%\zune\zunenss.exe |
"TCP Query User{00EB0884-19DA-4747-B030-E9F17DC28DC7}C:\users\chris\documents\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\users\chris\documents\eclipse\eclipse.exe |
"TCP Query User{077ED197-C9E4-431E-9FCC-4B38B45970EB}C:\users\chris\documents\downloads\mtgoiii_helper.exe" = protocol=6 | dir=in | app=c:\users\chris\documents\downloads\mtgoiii_helper.exe |
"TCP Query User{11E7FDBA-C3F3-4BF7-B9B1-9B27801BC16B}C:\program files (x86)\savage 2 - a tortured soul\savage2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\savage 2 - a tortured soul\savage2.exe |
"TCP Query User{1B307833-09D6-408C-ACFF-F3A8EE0B5901}C:\program files (x86)\microsoft games\freelancer\exe\freelancer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\freelancer\exe\freelancer.exe |
"TCP Query User{224CD272-89E0-4524-A4DB-DC6E3019482B}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe |
"TCP Query User{35620AA0-CF04-425C-B615-516570173DCA}C:\program files (x86)\steam\steamapps\common\dungeon defenders demo\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders demo\binaries\win32\dundefgame.exe |
"TCP Query User{3FA0C926-AAB3-4E8A-9363-13466A3F3BF6}C:\users\chris\downloads\conquer_v5567_p2p_20120110.exe" = protocol=6 | dir=in | app=c:\users\chris\downloads\conquer_v5567_p2p_20120110.exe |
"TCP Query User{4555001C-2D68-493B-9F43-E961095461D8}C:\users\chris\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\chris\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{57543643-0B90-4B26-8DBB-5F2101FAE8AB}C:\dynamix\tribes2\gamedata\tribes2.exe" = protocol=6 | dir=in | app=c:\dynamix\tribes2\gamedata\tribes2.exe |
"TCP Query User{576D430C-C540-40E6-AD1B-3811F665D5E5}C:\program files (x86)\astral\astral.exe" = protocol=6 | dir=in | app=c:\program files (x86)\astral\astral.exe |
"TCP Query User{663D6A98-E94F-412A-A66C-6562F9AD970D}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{666853D7-6072-47FA-AC63-91418D24AAC9}C:\program files (x86)\pidgin\pidgin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pidgin\pidgin.exe |
"TCP Query User{67AABB02-D8DC-4781-A590-315675C3D84E}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe |
"TCP Query User{85A6C8A9-A361-4938-AAD9-6162775ADE8A}C:\program files (x86)\spectromancer\spectromancer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spectromancer\spectromancer.exe |
"TCP Query User{8F2624F3-DF15-4CC8-8E59-C79E61AE7155}C:\program files (x86)\2k games\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\borderlands\binaries\borderlands.exe |
"TCP Query User{96F3C17F-E52D-44C9-8334-D97E0609F2D7}C:\users\chris\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\chris\appdata\local\akamai\netsession_win.exe |
"TCP Query User{97B1208E-7AAF-4CDA-9DA6-9D431818004B}C:\program files (x86)\mass effect 2\binaries\masseffect2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\masseffect2.exe |
"TCP Query User{9A60C8B7-F11A-4098-914D-CF25CEF7FE47}C:\users\chris\documents\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\users\chris\documents\eclipse\eclipse.exe |
"TCP Query User{A4C73390-AF28-476B-B1ED-E01C360BE36E}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"TCP Query User{AC0C2FF2-AF2A-4577-9531-6234A5F81821}C:\program files (x86)\2k games\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\borderlands\binaries\borderlands.exe |
"TCP Query User{BA201A7B-53A5-4D42-BF1A-6CF58866C198}C:\users\public\sony online entertainment\installed games\magic the gathering tactics\mtgtactics.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\magic the gathering tactics\mtgtactics.exe |
"TCP Query User{C39B1E71-177B-40E6-A94C-97F036B2174F}C:\program files (x86)\starcraft ii\versions\base16561\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16561\sc2.exe |
"TCP Query User{C81A7D83-5359-4583-A0C8-A36ED9DAECDF}C:\program files (x86)\turbine\ddo unlimited\dndclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\ddo unlimited\dndclient.exe |
"TCP Query User{D04CC32E-1D3B-424C-96C9-41E38D216460}C:\program files\sony\vaio care\vaiocare.exe" = protocol=6 | dir=in | app=c:\program files\sony\vaio care\vaiocare.exe |
"TCP Query User{D0C88B27-DDFD-4883-9E18-F208015D297D}C:\program files (x86)\starcraft ii\versions\base16755\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16755\sc2.exe |
"TCP Query User{DB1F1EDC-740D-44A9-A431-AC322941FB17}C:\gamecq\.cache\darkspace\darkspaceclient.exe" = protocol=6 | dir=in | app=c:\gamecq\.cache\darkspace\darkspaceclient.exe |
"TCP Query User{E90FF58C-1322-43C3-ABD6-85D7E53DB38C}C:\program files (x86)\starcraft ii\versions\base16605\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16605\sc2.exe |
"UDP Query User{14C37FC8-7F29-48F6-B36C-FDAD1798DBBB}C:\dynamix\tribes2\gamedata\tribes2.exe" = protocol=17 | dir=in | app=c:\dynamix\tribes2\gamedata\tribes2.exe |
"UDP Query User{177D3834-B609-48D2-9AB3-BD10A242A8BA}C:\program files (x86)\steam\steamapps\common\dungeon defenders demo\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders demo\binaries\win32\dundefgame.exe |
"UDP Query User{18FE229C-2C32-4BC4-BDA2-62411605DB67}C:\users\chris\documents\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\chris\documents\eclipse\eclipse.exe |
"UDP Query User{22D3E2B0-DF54-45EB-B105-F4C696DF06A1}C:\users\chris\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\chris\appdata\local\akamai\netsession_win.exe |
"UDP Query User{2C296C88-3DA1-4A19-AC22-A514445D4C2C}C:\users\chris\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\chris\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{313848E4-ACFB-405F-8376-B11F98B5BF12}C:\gamecq\.cache\darkspace\darkspaceclient.exe" = protocol=17 | dir=in | app=c:\gamecq\.cache\darkspace\darkspaceclient.exe |
"UDP Query User{37EA4F09-76D2-4089-8957-F8F39B67DBA3}C:\program files (x86)\turbine\ddo unlimited\dndclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\ddo unlimited\dndclient.exe |
"UDP Query User{3FA1808D-E3E4-4622-A1CC-BC8019A76620}C:\program files (x86)\2k games\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\borderlands\binaries\borderlands.exe |
"UDP Query User{5522A5B6-9486-4FEE-B261-8D3B12BD8828}C:\program files (x86)\pidgin\pidgin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pidgin\pidgin.exe |
"UDP Query User{5AF83A0D-2CBA-4E88-845B-432C28C990FB}C:\users\chris\documents\downloads\mtgoiii_helper.exe" = protocol=17 | dir=in | app=c:\users\chris\documents\downloads\mtgoiii_helper.exe |
"UDP Query User{65CC2C8E-E96B-4046-86D2-61B95C5052AE}C:\program files (x86)\spectromancer\spectromancer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spectromancer\spectromancer.exe |
"UDP Query User{74FFA2E1-11C7-40DF-BA89-1DB546D46DC3}C:\program files (x86)\starcraft ii\versions\base16561\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16561\sc2.exe |
"UDP Query User{765A6304-A3A1-4B3A-9FF6-0943583D79C3}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{788C3BFE-DA8B-4682-842D-4EE2521AC45B}C:\program files (x86)\starcraft ii\versions\base16605\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16605\sc2.exe |
"UDP Query User{861B0C7D-60B1-4793-A84E-E424A7E2FF19}C:\program files (x86)\astral\astral.exe" = protocol=17 | dir=in | app=c:\program files (x86)\astral\astral.exe |
"UDP Query User{8BCFBFBC-80E9-4827-951A-A5359117B798}C:\program files (x86)\mass effect 2\binaries\masseffect2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\masseffect2.exe |
"UDP Query User{8D18CD7B-4126-4962-84F7-EABF80790C30}C:\program files (x86)\microsoft games\freelancer\exe\freelancer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\freelancer\exe\freelancer.exe |
"UDP Query User{9A04B1DE-E39F-4929-8E69-75F6E8436C20}C:\users\chris\downloads\conquer_v5567_p2p_20120110.exe" = protocol=17 | dir=in | app=c:\users\chris\downloads\conquer_v5567_p2p_20120110.exe |
"UDP Query User{9AAD2FEA-D297-4DB9-B310-6D740CADC3C7}C:\program files\sony\vaio care\vaiocare.exe" = protocol=17 | dir=in | app=c:\program files\sony\vaio care\vaiocare.exe |
"UDP Query User{A8DD9D9D-72E3-4EB9-B429-07BD0C9AFCB4}C:\program files (x86)\savage 2 - a tortured soul\savage2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\savage 2 - a tortured soul\savage2.exe |
"UDP Query User{B2F0A5D7-4DDE-43AC-BEAC-6BBAC908B368}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe |
"UDP Query User{B5192A4D-7A84-45E8-9DA5-47FE80432EB8}C:\program files (x86)\starcraft ii\versions\base16755\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16755\sc2.exe |
"UDP Query User{B5332E1F-BC28-4373-87FD-B92780B8EE25}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"UDP Query User{C65948CB-BC73-402A-9D12-73A65F1A0723}C:\users\public\sony online entertainment\installed games\magic the gathering tactics\mtgtactics.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\magic the gathering tactics\mtgtactics.exe |
"UDP Query User{CEC73FF8-4EAA-4C31-88DA-3228F8DA0C8C}C:\program files (x86)\2k games\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\borderlands\binaries\borderlands.exe |
"UDP Query User{EF185419-DC53-4ACB-B23A-7063077D743F}C:\users\chris\documents\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\chris\documents\eclipse\eclipse.exe |
"UDP Query User{FE556EF6-95D3-47C3-BDDC-CAA8523FBB58}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe |
(rest of Extras.txt where it was cut off above)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{0C270C59-8706-42B8-A2AD-6E5EE18BC90B}" = Microsoft SQL Server 2008 Reporting Services
"{0C6C4C8A-3B96-4681-90BA-0E15CDE96298}" = Microsoft SQL Server 2008 Management Studio
"{108C8C1D-DA02-4A6C-94CD-5603F6A6FC72}" = Microsoft SQL Server 2008 Management Studio
"{11D25EF7-85FC-4B58-8278-485939C8637F}" = VAIO Update Merge Module x64
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C6B6716-84AC-412A-A296-247D41EBB7FB}" = Setup_msm_VCMS_x64
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2453DBC8-ACC4-4711-BD03-0C15353AA3D8}" = Microsoft SQL Server 2008 Reporting Services
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{46261E1C-5E0D-484E-8CCC-7F770375FBA2}" = VU5x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{5318020E-E32C-4A33-BC8D-EEF5CC2F6CA1}" = Microsoft SQL Server 2008 Database Engine Services
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{53D7A054-4598-4947-A159-E8FCC77720AB}" = Microsoft Sync Framework Runtime v1.0 (x64)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{59D3F691-179D-4E52-832C-D22B81541AC5}" = Microsoft SQL Server 2008 Setup Support Files
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{67C816AF-93F0-4C11-A355-AABC5FC00083}" = Microsoft SQL Server 2008 BI Development Studio
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6E2EE862-FEF9-408A-90BB-F5B4EC129C8E}" = Microsoft SQL Server 2008 Analysis Services
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{725D5BA4-E9FA-452B-8CF5-D7E5F8055C71}" = VAIO Content Metadata Intelligent Network Service Manager
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{7C3AC18F-F19B-4082-8D13-7D603848E06C}" = VAIO Update Merge Module x64
"{7ECD4ACB-E1B6-425B-B8AA-5761A59B77E0}" = Setup_VEP_x64_Contain_SSDB
"{817BCC2B-76A8-4C8B-8B55-FD916C6969CC}" = Microsoft Sync Services for ADO.NET v2.0 (x64)
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8FE3CF66-4484-4D39-B47D-DEBBA173619D}" = VAIO Content Metadata Manager Settings
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A80D89-A0E4-33C1-B13D-B93CB3496867}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"{910A147A-75D7-4ECD-A00D-727AAC0FD0E7}" = Microsoft SQL Server 2008 Client Tools
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C58294-36D8-4594-8A49-7AB4AE096504}" = VAIO Content Metadata XML Interface Library
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{9FFAE13C-6160-4DD0-A67A-DAC5994F81BD}" = Microsoft SQL Server 2008 Database Engine Services
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A7E4E7DD-2099-4D58-AE31-6E0F663066DD}" = Microsoft SQL Server 2008 Full text search
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}" = PaperPort Image Printer 64-bit
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AE479CE0-753F-49C0-B8E6-79A37403999F}" = Microsoft SQL Server 2008 BI Development Studio
"{B0C6CCC9-0BAB-4636-A06F-B43B6FBC25DF}" = Motorola Mobile Drivers Installation 5.4.0
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.89
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.89
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B6901D72-1BF0-30FB-B9BC-B6DC1266E0F4}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B702C53B-D809-4DD3-8C77-23EC0C948959}" = Microsoft SQL Server 2008 Integration Services
"{BAACB61F-43E0-4E70-BDC9-F81CC3B22970}" = Microsoft SQL Server 2008 Client Tools
"{BAD9A7B0-FA18-4247-A6F5-BDCF64B40C4C}" = VAIO Personalization Manager
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C69A835B-67A5-4542-AD24-FE36E3140BA9}" = Setup_msm_VOFS_x64
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
"{E743BA71-5955-420B-AA52-67508054AD66}" = VAIO Update Merge Module x64
"{F01EC9B9-21B4-441E-958A-1E01098B03BE}" = Microsoft SQL Server 2008 Analysis Services
"{F08E87FD-F62B-4BAC-A2D6-A94755653F30}" = WebDrive
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F4264106-F90E-4076-98CF-1B878DB14513}" = SQL Server System CLR Types
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F5FEEB7E-F647-4D18-85BA-096750A15547}" = Microsoft SQL Server 2008 Integration Services
"{F8B40DB4-FD07-4368-AA57-34F2B0839683}" = VAIO Content Metadata Intelligent Analyzing Manager
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"930E4792BDAEAFB62A9514EE7578775658A5D07C" = Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"WinRAR archiver" = WinRAR archiver
"Zune" = Zune
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"['{F634E3D7-B968-497B-A888-685597C901F6}']" = Spectromancer: Truth and Beauty
"{00721C5E-5B17-494C-95E5-208415864F62}" =
"{00B03993-F5A1-47B1-9C54-EC8FBDDDE17E}" = VAIO Care
"{0131D7EF-65FF-478F-8ABD-5ABEE24EC8EF}" = VAIO Messenger
"{01C5A10F-AD9B-405B-853A-6659841A1242}" = Microsoft SQL Server 2008 Policies
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{02CA6DE4-AA3F-4EA0-AF87-792C9BD50560}" = VAIO Content Metadata Intelligent Analyzing Manager
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0489D044-6386-4BDF-9F98-577D60CF79DD}" = VAIO Entertainment Platform
"{04EAE65A-CDCF-480F-B754-5C3A9364239C}" = VAIO Original Function Settings
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06C05B90-2127-4933-8ABA-61833BDE13FA}" = VAIO Content Monitoring Settings
"{07441A52-E208-478A-92B7-5C337CA8C131}" = Remote Play with PlayStation®3
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F962B79-D0DC-40D9-96BA-ED1355120CBA}" = QuickBooks Financial Center
"{127C8955-B5C5-4682-9428-B8243EC4E6AE}" = Remote Play with PlayStation 3
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1B500D37-E7CF-480B-8054-8A563594EC4E}" = VAIO OOBE and Startup Assistant
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25AF1025-095C-4AA9-A3FD-29710D3C3AE5}" = Remote Keyboard
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{31FD9031-FA28-4F73-9FD1-D7E9997C41CE}" = Brother MFL-Pro Suite MFC-J410W
"{325045C9-F040-3D98-892D-53D5E840266C}" = Google Talk Plugin
"{32A3A4F4-B792-11D6-A78A-00B0D0160180}" = Java(TM) SE Development Kit 6 Update 18
"{32A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java(TM) SE Development Kit 6 Update 24
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey
"{34DC654E-6E43-4BFA-9E00-6C16CFA7B9F0}" = VAIO Data Restore Tool
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{405FA152-1638-4FC1-9233-62DB6F2D4C98}" = Geneforge 5
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{41851B16-0EB6-42E4-88ED-B6FA5D98507A}" = Savage
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A221E47-E361-45C3-886A-7B2D7AD0E5AA}" = SOHLib Merge Module
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)
"{4E1D975D-9BF3-43CF-AA30-7186CEE3D9DE}" = STOPzilla
"{50B905E5-2466-4A3E-894E-CD5A25D54556}" = Microsoft SQL Server 2008 Books Online (August 2008)
"{52E9A798-88C7-4EE6-94D4-2D54FEC8EE52}" = Ragnarok Online
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{55502C49-F061-428C-BF26-06ECDFB3AC29}" = Sid Meier's Civilization 4 Gold
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{5CFAAAD2-5AFE-4617-9A78-0A19A4C1226B}" = Astral Masters
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO Transfer Support
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64CDE8F2-3791-46F5-BAD2-72FFF5252FAB}" = Microsoft SQL Server Compact 3.5 SP1 Query Tools English
"{6754AE0D-B2E1-45E4-835F-FDFEC373DE8A}" = VAIO Hardware Diagnostics
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6BF03C88-C06A-48DC-B9A1-FE72B24E5FA9}" = VAIO Media plus Opening Movie
"{6D320CE8-79EB-4D45-8C6D-DEF74D84B49A}" = VAIO Window Organizer
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}" = VAIO - Remote Keyboard
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{745D37C2-26F4-4B65-BA13-F9840EBFA75B}" = Might & Magic Heroes VI
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78B51FD5-DA3F-4B48-8F3F-4E4068F25D89}_is1" = Conquer Online 2.0
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" = VAIO Power Management
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8681B1E6-CD96-46EF-9065-CE0D1085ED99}" = Star Wars JK II Jedi Outcast
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8FA63AA5-7138-4B6F-8404-F18835E2B8F4}" = Media Gallery
"{8FA7E81D-6D99-4788-8BE4-D898B346AB2E}" = Industry Giant 2
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{C00A9857-850C-4C68-A583-2EF4F24706F5}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95C5F81D-0779-4932-BE83-32AAF814F4B9}" = League of Legends
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3
"{9B163B82-3B46-4CE5-BF01-A53E550A8E58}" = Sony Home Network Library
"{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}" = SmartWi Connection Utility
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6B90666-2A1F-49E8-A40E-27EAAD11C096}" = Sony Home Network Library
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BA4DA261-CB60-4690-B202-44998DFC6986}" = Microsoft SQL Server 2008 Setup Support Files
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C6DB11F1-EBD1-3AA4-A44D-55630E1E6FDA}" = Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA1B174B-4297-467C-9EF8-0AB8D4D5171E}" = Adobe After Effects CS5
"{DB1C9CB7-DF65-4991-BD17-71BF9CD15BA0}" = VAIO Help and Support
"{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = Media Gallery
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E008BEB1-AB63-46C1-BD3D-08D3A1F8E26D}" = McAfee Agent
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1CD2720-2614-4EE2-9DFC-58219B4D6F85}_is1" = Disciples III Demo
"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E50FC5DB-7CBD-407D-A46E-0C13E45BC386}" = Oasis2Service 1.0
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse®
"{EAD475E8-14E5-4854-8AF5-CE6B4024237C}_is1" = Rappelz_US
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"15b35190-c6f9-11d9-9669-0800200c9a66_is1" = Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.13.01.801
"Active@ UNERASER Demo" = Active@ UNERASER Demo
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Akamai" = Akamai NetSession Interface Service
"Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"Android SDK Tools" = Android SDK Tools
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"AT" = Astral Tournament 1.7
"Audacity_is1" = Audacity 1.2.6
"Borderlands" = Borderlands
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DarkSpace" = DarkSpace 1.670
"Diablo II" = Diablo II
"Download Manager" = Download Manager 2.3.10
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Evil Genius_is1" = Evil Genius
"Freelancer 1.0" = Freelancer
"GNU Aspell_is1" = GNU Aspell 0.50-3
"Google Chrome" = Google Chrome
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"Guild Wars" = Guild Wars
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Impulse®" = Impulse®
"InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)
"InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"InstallShield_{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide
"InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LastChaos" = LastChaos
"LogMeIn Hamachi" = LogMeIn Hamachi
"Lords of Magic Special Edition" = Lords of Magic Special Edition
"Magic Workstation_is1" = Magic Workstation 0.94f
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU" = Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
"MotoHelper" = MotoHelper 2.1.32 Driver 5.4.0
"Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23)
"MTG GamePack for Magic Workstation_is1" = MTG GamePack for Magic Workstation
"nbi-nb-base-6.9.1.0.0" = NetBeans IDE 6.9.1
"Open Codecs" = Xiph.Org Open Codecs 0.85.17777
"Pidgin" = Pidgin
"Privateer" = Privateer
"PunkBusterSvc" = PunkBuster Services
"Savage2" = Savage 2 - A Tortured Soul
"Sierra Utilities" = Sierra Utilities
"Sins of a Solar Empire - Trinity" = Sins of a Solar Empire - Trinity
"SpeedFan" = SpeedFan (remove only)
"StarCraft II" = StarCraft II
"Starpoint Gemini Demo1.011" = Starpoint Gemini Demo
"Steam App 201230" = EverQuest II
"Steam App 201680" = Dungeon Defenders Demo
"Steam App 20700" = Starscape
"Steam App 212500" = The Lord of the Rings Online™
"Steam App 22380" = Fallout: New Vegas
"Steam App 22480" = GECK - New Vegas Edition
"Steam App 25900" = King's Bounty: The Legend
"Steam App 3170" = King's Bounty: Armored Princess
"Steam App 40100" = Supreme Commander 2
"Steam App 440" = Team Fortress 2
"Steam App 48190" = Assassin's Creed Brotherhood
"Steam App 48210" = The Settlers 7: Paths to a Kingdom - Gold Edition
"Steam App 49400" = Magic: The Gathering - Duels of the Planeswalkers
"Steam App 49470" = Magic: The Gathering — Duels of the Planeswalkers 2012
"Steam App 58600" = Divinity II: Dragon Knight Saga - Demo
"Steam App 61500" = Age of Wonders
"Steam App 61510" = Age of Wonders 2
"Steam App 61520" = Age of Wonders: Shadow Magic
"Steam App 61530" = Age of Wonders: Trilogy Soundtrack
"Steam App 63910" = King's Bounty: Crossworlds
"Steam App 71000" = Evochron Mercenary
"Steam App 73050" = Magicka - Demo
"Steam App 8930" = Sid Meier's Civilization V
"Steam App 91600" = Sanctum
"Tribes 2" = Tribes 2
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"VAIO Messenger" = VAIO Messenger
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 2.0.0
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1530761295-3618611931-1772812319-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Diablo II" = Diablo II
"Dropbox" = Dropbox
"EA SPORTS Gameface Browser Plugin" = EA SPORTS Gameface Browser Plugin 1.3.1.0
"Sim City 2000" = Sim City 2000
"SOE-Magic The Gathering Tactics" = Magic The Gathering Tactics
"UnityWebPlayer" = Unity Web Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 6/10/2012 7:17:02 PM | Computer Name = Chris-VAIO | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 5836 (0x16cc) Thread address : 0x00000000771C138A Thread message : Build VSCORE.14.1.0.567
/ 5400.1158 Object being scanned = \Device\HarddiskVolume3\Users\Chris\Documents\Downloads\MicrosoftOffice2007-Win.exe
by C:\Windows\System32\svchost.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)
7004(0)(0) 5006(0)(0) 5004(0)(0)
Error - 6/10/2012 7:17:06 PM | Computer Name = Chris-VAIO | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly. Please review event 5019
or 5051 for details. The McShield service will be restarted in 5 seconds;
Error - 6/10/2012 7:20:14 PM | Computer Name = Chris-VAIO | Source = Windows Backup | ID = 4103
Description =
Error - 6/10/2012 7:59:29 PM | Computer Name = Chris-VAIO | Source = Application Hang | ID = 1002
Description = The program Settlers7R.exe version 1.12.1396.0 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1424 Start
Time: 01cd474a5a372c02 Termination Time: 27537 Application Path: c:\program files
(x86)\steam\steamapps\common\settlers 7 gold\Data\Base\_Dbg\Bin\Release\Settlers7R.exe
Report
Id:
Error - 6/11/2012 9:32:19 PM | Computer Name = Chris-VAIO | Source = Report Server Windows Service (MSSQLSERVER) | ID = 107
Description = Report Server Windows Service (MSSQLSERVER) cannot connect to the
report server database.
Error - 6/12/2012 8:30:31 AM | Computer Name = Chris-VAIO | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.
Error - 6/12/2012 6:02:30 PM | Computer Name = Chris-VAIO | Source = Report Server Windows Service (MSSQLSERVER) | ID = 107
Description = Report Server Windows Service (MSSQLSERVER) cannot connect to the
report server database.
Error - 6/12/2012 6:02:32 PM | Computer Name = Chris-VAIO | Source = Report Server Windows Service (MSSQLSERVER) | ID = 107
Description = Report Server Windows Service (MSSQLSERVER) cannot connect to the
report server database.
Error - 6/12/2012 6:44:15 PM | Computer Name = Chris-VAIO | Source = Report Server Windows Service (MSSQLSERVER) | ID = 107
Description = Report Server Windows Service (MSSQLSERVER) cannot connect to the
report server database.
Error - 6/12/2012 6:44:31 PM | Computer Name = Chris-VAIO | Source = PerfNet | ID = 2004
Description =
Error - 6/12/2012 6:44:38 PM | Computer Name = Chris-VAIO | Source = Report Server Windows Service (MSSQLSERVER) | ID = 107
Description = Report Server Windows Service (MSSQLSERVER) cannot connect to the
report server database.
[ Media Center Events ]
Error - 5/19/2012 12:57:45 AM | Computer Name = Chris-VAIO | Source = MCUpdate | ID = 0
Description = 12:57:39 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )
Error - 5/19/2012 1:58:00 AM | Computer Name = Chris-VAIO | Source = MCUpdate | ID = 0
Description = 1:57:58 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )
Error - 5/19/2012 10:16:37 AM | Computer Name = Chris-VAIO | Source = MCUpdate | ID = 0
Description = 10:16:37 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )
Error - 5/19/2012 10:04:19 PM | Computer Name = Chris-VAIO | Source = MCUpdate | ID = 0
Description = 10:04:14 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )
Error - 5/20/2012 10:59:24 AM | Computer Name = Chris-VAIO | Source = MCUpdate | ID = 0
Description = 10:59:24 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )
Error - 5/20/2012 10:44:30 PM | Computer Name = Chris-VAIO | Source = MCUpdate | ID = 0
Description = 10:44:25 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )
Error - 5/22/2012 6:04:08 PM | Computer Name = Chris-VAIO | Source = MCUpdate | ID = 0
Description = 6:04:08 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )
Error - 5/22/2012 10:05:32 PM | Computer Name = Chris-VAIO | Source = MCUpdate | ID = 0
Description = 10:05:23 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )
Error - 6/4/2012 5:48:36 AM | Computer Name = Chris-VAIO | Source = MCUpdate | ID = 0
Description = 3:37:33 AM - Failed to retrieve SportsSchedule (Error: The operation
has timed out)
Error - 6/4/2012 7:56:27 AM | Computer Name = Chris-VAIO | Source = MCUpdate | ID = 0
Description = 7:43:42 AM - Failed to retrieve SportsSchedule (Error: The operation
has timed out)
[ System Events ]
Error - 6/12/2012 6:10:28 PM | Computer Name = Chris-VAIO | Source = Service Control Manager | ID = 7022
Description = The Windows Font Cache Service service hung on starting.
Error - 6/12/2012 6:13:21 PM | Computer Name = Chris-VAIO | Source = Service Control Manager | ID = 7022
Description = The VAIO Care Performance Service service hung on starting.
Error - 6/12/2012 6:42:47 PM | Computer Name = Chris-VAIO | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the SQL
Server Integration Services 10.0 service to connect.
Error - 6/12/2012 6:42:47 PM | Computer Name = Chris-VAIO | Source = Service Control Manager | ID = 7000
Description = The SQL Server Integration Services 10.0 service failed to start due
to the following error: %%1053
Error - 6/12/2012 6:43:23 PM | Computer Name = Chris-VAIO | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the SQL
Server (MSSQLSERVER) service to connect.
Error - 6/12/2012 6:43:23 PM | Computer Name = Chris-VAIO | Source = Service Control Manager | ID = 7000
Description = The SQL Server (MSSQLSERVER) service failed to start due to the following
error: %%1053
Error - 6/12/2012 6:43:49 PM | Computer Name = Chris-VAIO | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio
Upnp Server 10 service to connect.
Error - 6/12/2012 6:44:54 PM | Computer Name = Chris-VAIO | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the SBSD
Security Center Service service to connect.
Error - 6/12/2012 6:44:54 PM | Computer Name = Chris-VAIO | Source = Service Control Manager | ID = 7000
Description = The SBSD Security Center Service service failed to start due to the
following error: %%1053
Error - 6/12/2012 6:46:07 PM | Computer Name = Chris-VAIO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
is3srv
< End of report >
Thanks again,
Chris
Are you still having those warnings? HitmanPro has been known to cause some problems; I would uninstall it.
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instructions on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
http://img.photobucket.com/albums/v706/ried7/RC1.png
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/RC2-1.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
*If there is no internet connection when ComboFix has completely finished, then restart your computer to restore the connections.
I still see the old message, but I believe that might be because I haven't clicked to remove the message from the action center. I attempted to close all protective services. ComboFix told me STOPzilla and McAfee were still running. I had trouble even launching STOPzilla, so I uninstalled that for the time being. As for McAfee, the best I could do was turn off realtime protection. However, it decided after a good ten or fifteen minutes or so (on more than one occasion) to turn itself back on, so I did my best to keep that option off (the access protection/other features seemed to be off to the best of my knowledge). Anyways, here's the log below. Let me know if there's anything you'd like me to run differently. In the meantime, I'm turning back on the firewall, etc.
ComboFix 12-06-13.05 - Chris 06/13/2012 23:51:39.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4078.2341 [GMT -4:00]
Running from: c:\users\Chris\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Public\Documents\~WRL0354.tmp
c:\users\Public\Documents\~WRL2288.tmp
c:\windows\SysWow64\SETE43A.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-05-14 to 2012-06-14 )))))))))))))))))))))))))))))))
.
.
2012-06-14 04:08 . 2012-06-14 04:08 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-06-14 04:08 . 2012-06-14 04:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-14 02:32 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4CE1B00C-DC70-40F1-9DBD-363DFA7ADF79}\mpengine.dll
2012-06-05 23:41 . 2012-06-05 23:41 -------- d-----w- c:\program files (x86)\ERUNT
2012-06-05 02:26 . 2012-01-12 13:28 57976 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-06-05 02:26 . 2012-06-14 03:25 -------- d-----w- c:\program files (x86)\STOPzilla!
2012-06-05 02:26 . 2012-06-14 03:25 -------- d-----w- c:\programdata\STOPzilla!
2012-06-05 02:05 . 2012-06-05 02:05 -------- d-----w- c:\program files\CCleaner
2012-06-04 21:32 . 2012-06-04 21:33 -------- d-----w- c:\programdata\HitmanPro
2012-05-28 18:11 . 2012-05-28 18:11 -------- d-----w- c:\programdata\Apple Computer
2012-05-28 03:20 . 2012-05-28 03:20 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-05-24 06:15 . 2012-05-24 06:15 -------- d-----w- c:\windows\en
2012-05-24 06:08 . 2012-05-24 06:08 -------- d-----w- c:\program files\Windows Live
2012-05-24 06:07 . 2012-05-24 06:07 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-24 06:01 . 2012-05-24 06:01 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\988177e91cd397201\DXSETUP.exe
2012-05-24 06:01 . 2012-05-24 06:01 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\988177e91cd397201\DSETUP.dll
2012-05-24 06:01 . 2012-05-24 06:01 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\988177e91cd397201\dsetup32.dll
2012-05-22 04:05 . 2012-05-22 04:05 -------- d-----w- c:\programdata\Ubisoft
2012-05-22 04:04 . 2012-05-22 04:04 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-05-22 04:04 . 2012-05-22 04:04 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-05-18 03:28 . 2012-05-18 03:28 -------- d-----w- c:\users\Public\Sony Online Entertainment
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-10 23:49 . 2012-04-25 22:13 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-10 23:49 . 2011-08-07 22:53 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 04:57 . 2012-04-25 22:57 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-04-04 19:56 . 2011-05-15 15:18 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-31 06:05 . 2012-05-10 04:14 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-10 04:14 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-10 04:14 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10 . 2012-05-10 04:14 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 11:35 . 2012-05-10 04:13 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-17 07:58 . 2012-05-10 04:13 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-19 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Akamai NetSession Interface"="c:\users\Chris\AppData\Local\Akamai\netsession_win.exe" [2012-05-08 3331872]
"Facebook Update"="c:\users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-12-18 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2009-10-05 80384]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-27 320880]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2009-09-22 136512]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-08-26 124224]
"AmazonGSDownloaderTray"="c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]
"PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
.
c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Impulse Now.lnk - c:\program files (x86)\Impulse\Now\ImpulseNow.exe [2011-6-10 2042088]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
VAIO Messenger.lnk - c:\program files (x86)\DDNi\Oasis\Delay.exe [2010-7-14 14176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-12-01 03:20 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-19 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 257224]
R3 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\gPotato\Rappelz\GameGuard\dump_wmimmc.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-19 135664]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 23:49]
.
2012-06-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1530761295-3618611931-1772812319-1004Core.job
- c:\users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-18 03:21]
.
2012-06-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1530761295-3618611931-1772812319-1004UA.job
- c:\users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-18 03:21]
.
2012-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-19 19:55]
.
2012-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-19 19:55]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1530761295-3618611931-1772812319-1004Core.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-19 05:26]
.
2012-06-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1530761295-3618611931-1772812319-1004UA.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-19 05:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\WebDrive]
@="{37D70BD3-073C-4180-ADD9-C032EA5A7204}"
[HKEY_CLASSES_ROOT\CLSID\{37D70BD3-073C-4180-ADD9-C032EA5A7204}]
2010-01-05 23:34 1828352 ----a-w- c:\windows\System32\wdShellExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060320]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
uInternet Settings,ProxyOverride = 127.0.0.1:9421;192.168.*.*;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\zmotnfbc.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1530761295-3618611931-1772812319-1004\Software\SecuROM\License information*]
"datasecu"=hex:ed,9f,c3,29,7f,91,00,70,3b,dc,f1,a9,83,ec,91,1b,7d,9c,da,8d,bd,
4f,0d,43,2e,e4,10,25,39,af,de,57,24,5e,eb,e8,b3,23,17,fd,04,b3,c7,32,d3,ea,\
"rkeysecu"=hex:b5,63,5b,9c,d2,f3,31,c0,ab,d6,83,22,c4,0b,9d,e7
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-14 00:12:54
ComboFix-quarantined-files.txt 2012-06-14 04:12
.
Pre-Run: 52,516,106,240 bytes free
Post-Run: 52,027,912,192 bytes free
.
- - End Of File - - 018C87370245DB30D63200F65CD7D8E8
Overall not looking too bad.
Did you set this proxy?
IE - HKU\S-1-5-21-1530761295-3618611931-1772812319-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;192.168.*.*;<local
Are you getting any browser redirects?
Glad to hear it. I don't recall setting any proxies. I haven't really been noticing any browser redirects though (except on one rare occasion, but I believe that was either an ad that was triggered somehow or just a particular website while I was looking for solutions recently). And on looking at that further, I don't use IE, so that makes me more suspicious of it.
Let's fix it.
Backup Your Registry with ERUNT:
Download erunt.zip to your Desktop from here:
http://aumha.org/downloads/erunt.zip
Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
Inside the new folder, double-click ERUNT.exe to start the program
OK all the prompts to back up your registry to the default location.
Note: to restore your registry, go to the backup folder and start ERDNT.exe
Open OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:processes
killallprocesses
:OTL
IE - HKU\S-1-5-21-1530761295-3618611931-1772812319-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;192.168.*.*;<local>
:Services
:Reg
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]
Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time).
Access was denied on many of the files ERUNT attempted to back up. Should I go ahead and run the fix with OTL anyway or would I have to run it in safe mode to open up those files? Also, it mentions backing up Windows 2000/NT/XP registries, but I'm running Windows 7. That won't be an issue, will it?
The fix is really a simple one, so we can bypass ERUNT. Go ahead and run the fix with OTL.
The log produced after the fix:
All processes killed
========== PROCESSES ==========
========== OTL ==========
HKU\S-1-5-21-1530761295-3618611931-1772812319-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Chris\Downloads\cmd.bat deleted successfully.
C:\Users\Chris\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Chris
->Temp folder emptied: 1925130 bytes
->Temporary Internet Files folder emptied: 48865633 bytes
->Java cache emptied: 25895590 bytes
->FireFox cache emptied: 21158544 bytes
->Google Chrome cache emptied: 364052468 bytes
->Flash cache emptied: 46306 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 72675997 bytes
->Java cache emptied: 1616384 bytes
->Google Chrome cache emptied: 16125673 bytes
->Flash cache emptied: 564 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 15380280 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 57601593 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 206180 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 597.00 mb
OTL by OldTimer - Version 3.2.46.1 log created on 06192012_184613
Files\Folders moved on Reboot...
C:\Users\Chris\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
And OTL.txt:
OTL logfile created on: 6/19/2012 7:00:31 PM - Run 2
OTL by OldTimer - Version 3.2.46.1 Folder = C:\Users\Chris\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.98 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 46.05% Memory free
7.96 Gb Paging File | 5.19 Gb Available in Paging File | 65.23% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456.96 Gb Total Space | 57.22 Gb Free Space | 12.52% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Computer Name: CHRIS-VAIO | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Chris\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Users\Chris\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe ()
PRC - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()
PRC - C:\Program Files (x86)\Impulse\Now\ImpulseNow.exe (GameStop Corp.)
PRC - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Care\listener.exe (Sony of America Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe (Sony Corporation)
PRC - c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe ()
PRC - C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe ()
PRC - C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe ()
PRC - C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe ()
PRC - C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\SonyCommonLib.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.NativeWifiThirdPartyApp.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.TosBtThirdPartyApp.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\DebugMsg.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Power.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\DevicePanel.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.BtPower.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Generic.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\DictionaryLookup.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.WlanPower.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.ThirdPartyApp.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.Generic.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\SharedInterfaces.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\MessageXML.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\Resources.dll ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()
MOD - C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll ()
========== Win32 Services (SafeList) ==========
SRV:64bit: - (VUAgent) -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
SRV:64bit: - (ZuneWlanCfgSvc) -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV:64bit: - (WMZuneComm) -- c:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV:64bit: - (ZuneNetworkSvc) -- c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV:64bit: - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV:64bit: - (VCService) -- C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation)
SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation)
SRV:64bit: - (SpfService) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe (Sony Corporation)
SRV:64bit: - (Mcx2Svc) -- C:\Windows\SysNative\Mcx2Svc.dll (Microsoft Corporation)
SRV:64bit: - (VcmINSMgr) -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
SRV:64bit: - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (WebDriveService) -- C:\Program Files\WebDrive\wdService.exe (South River Technologies, LLC)
SRV:64bit: - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (RemoteAccess) -- C:\Windows\SysNative\mprdim.dll (Microsoft Corporation)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV:64bit: - (MSSQLServerADHelper100) -- C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (MotoHelper) -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (McShield) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (McAfeeEngineService) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe (McAfee, Inc.)
SRV - (Oasis2Service) -- C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe ()
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (PMBDeviceInfoProvider) -- c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (Amazon Download Agent) -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe (Amazon.com)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (McAfeeFramework) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (Roxio Upnp Server 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
SRV - (RemoteAccess) -- C:\Windows\SysWOW64\mprdim.dll (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLAgent$DDNI) SQL Server Agent (DDNI) -- C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
========== Driver Services (SafeList) ==========
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SBRE) -- C:\Windows\SysNative\drivers\SBREDrv.sys (GFI Software)
DRV:64bit: - (motccgp) -- C:\Windows\SysNative\drivers\motccgp.sys (Motorola)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (udfs) -- C:\Windows\SysNative\drivers\udfs.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mfetdik) -- C:\Windows\SysNative\drivers\mfetdik.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (TVICHW64) -- C:\Windows\SysNative\drivers\TVicHW64.sys (EnTech Taiwan)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (WebDriveFSD) -- C:\Program Files\WebDrive\wdfsd.sys ()
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimssne64.sys (REDC)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (risdsnpe) -- C:\Windows\SysNative\drivers\risdsne64.sys (REDC)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (crcdisk) -- C:\Windows\SysNative\drivers\crcdisk.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (RsFx0103) -- C:\Windows\SysNative\drivers\RsFx0103.sys (Microsoft Corporation)
DRV:64bit: - (motccgpfl) -- C:\Windows\SysNative\drivers\motccgpfl.sys (Motorola)
DRV:64bit: - (MotoSwitchService) -- C:\Windows\SysNative\drivers\motswch.sys (Motorola)
DRV:64bit: - (regi) -- C:\Windows\SysNative\drivers\regi.sys (InterVideo)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (regi) -- C:\Windows\SysWOW64\drivers\regi.sys (InterVideo)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1530761295-3618611931-1772812319-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
IE - HKU\S-1-5-21-1530761295-3618611931-1772812319-1004\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1530761295-3618611931-1772812319-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1530761295-3618611931-1772812319-1004\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT_enUS365
IE - HKU\S-1-5-21-1530761295-3618611931-1772812319-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1530761295-3618611931-1772812319-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1530761295-3618611931-1772812319-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;192.168.*.*;<local>
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Chris\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Chris\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Chris\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Chris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Chris\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/28 14:13:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/17 20:49:38 | 000,000,000 | ---D | M]
[2010/01/27 19:25:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2010/01/27 19:25:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\zmotnfbc.default\extensions
[2012/06/17 20:49:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/05 11:48:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2012/06/17 20:49:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2010/08/25 21:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Chris\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Chris\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: IGN Download Manager Plug-in (Enabled) = C:\Program Files (x86)\Download Manager\npfpdlm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Chris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Chris\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Game Face Plugin (Enabled) = C:\Users\Chris\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Entanglement = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: YouTube Options for Google Chrome\u2122 = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdokagampppgbnjfdlkfpphniapiiifn\1.8.75_0\
CHR - Extension: Auto-Reload = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcelohhcooepfkolgbieponejnhpemja\1.0_0\
CHR - Extension: Auto-Reload = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcelohhcooepfkolgbieponejnhpemja\1.0_0\.svn\prop-base\.svn-base
CHR - Extension: Auto-Reload = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcelohhcooepfkolgbieponejnhpemja\1.0_0\.svn\text-base\.svn-base
CHR - Extension: Isoball 3 = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\iajlkcpgcnbhfhpdeooockfaincfkjjj\1.2.1_0\
CHR - Extension: wikiHow Survival Kit = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ickaeddjnhfofihhibhnjemlphjmnchl\1.0.4_0\
CHR - Extension: Auto Replay for YouTube = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb\1.9.13_0\
CHR - Extension: Little Alchemy = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd\0.0.11_0\
CHR - Extension: Poppit = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
O1 HOSTS File: ([2012/06/19 18:46:21 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-1530761295-3618611931-1772812319-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SmartWiHelper] C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation)
O4 - HKU\S-1-5-21-1530761295-3618611931-1772812319-1004..\Run: [Akamai NetSession Interface] C:\Users\Chris\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-1530761295-3618611931-1772812319-1004..\Run: [Facebook Update] C:\Users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1530761295-3618611931-1772812319-1004..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Impulse Now.lnk = C:\Program Files (x86)\Impulse\Now\ImpulseNow.exe (GameStop Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1530761295-3618611931-1772812319-1004\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1530761295-3618611931-1772812319-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O15 - HKU\S-1-5-21-1530761295-3618611931-1772812319-1004\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1530761295-3618611931-1772812319-1004\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1530761295-3618611931-1772812319-1004\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1530761295-3618611931-1772812319-1004\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.1 167.206.254.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F73DCE4-4155-4351-A0B8-5D5F66293778}: DhcpNameServer = 167.206.254.1 167.206.254.2
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/06/19 18:46:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/17 20:49:38 | 000,476,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012/06/17 20:49:38 | 000,157,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/06/17 20:49:38 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/06/17 20:49:37 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/06/17 15:47:32 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\The Lord of the Rings Online
[2012/06/17 15:47:32 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\The Lord of the Rings Online
[2012/06/14 07:55:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/14 00:12:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/13 23:48:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/13 23:48:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/13 23:48:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/13 23:48:23 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/06/13 23:08:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/13 22:44:59 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/13 22:44:57 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/13 22:44:57 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/13 22:44:57 | 000,918,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/13 22:44:57 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/13 22:44:46 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/06/13 22:44:38 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/13 22:44:38 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/13 22:44:37 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/13 22:44:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/13 22:44:37 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/13 22:44:37 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/13 22:43:14 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/13 22:43:14 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/13 22:43:14 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/13 22:42:31 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/13 22:42:21 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/13 22:42:20 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/06/13 22:34:03 | 004,557,245 | R--- | C] (Swearware) -- C:\Users\Chris\Desktop\ComboFix.exe
[2012/06/05 19:42:57 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/06/05 19:41:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/06/05 19:41:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/06/04 22:26:29 | 000,057,976 | R--- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012/06/04 22:26:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\STOPzilla!
[2012/06/04 22:26:11 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2012/06/04 22:05:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/06/04 22:05:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/06/04 17:32:07 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/06/01 00:23:23 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{5937B427-6017-4050-89C0-9FEB7FECBB74}
[2012/06/01 00:23:12 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{D37FEF48-A920-4142-A400-C35982EBB2B1}
[2012/05/28 14:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/05/28 14:11:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/05/28 14:11:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/05/27 23:20:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/05/27 23:20:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/05/24 02:15:53 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/05/24 02:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/05/24 01:58:59 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{C2A640C8-BA62-401F-B06E-1A0DA26C45F5}
[2012/05/24 01:58:57 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{E1AC2853-43A2-40BA-A164-C8D774145AE4}
[2012/05/24 01:47:45 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{C0B74651-8023-42DA-B152-A56177D5589D}
[2012/05/22 19:30:15 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\Settlers7
[2012/05/22 00:05:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
========== Files - Modified Within 30 Days ==========
[2012/06/19 19:11:02 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/19 18:59:20 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/19 18:59:20 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/19 18:57:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/19 18:49:58 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/19 18:48:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/19 18:48:20 | 3207,122,944 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/19 18:46:21 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/06/19 18:42:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1530761295-3618611931-1772812319-1004UA.job
[2012/06/19 07:26:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1530761295-3618611931-1772812319-1004UA.job
[2012/06/19 00:42:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1530761295-3618611931-1772812319-1004Core.job
[2012/06/18 22:35:08 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1530761295-3618611931-1772812319-1004Core.job
[2012/06/17 20:49:19 | 000,157,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/06/17 20:49:19 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/06/17 20:49:19 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/06/17 20:49:17 | 000,476,936 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012/06/17 20:49:17 | 000,472,840 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/06/14 03:40:58 | 005,023,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/14 03:18:13 | 000,816,246 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/14 03:18:13 | 000,181,294 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/14 03:18:12 | 001,014,966 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/14 00:10:39 | 000,000,023 | ---- | M] () -- C:\test.xml
[2012/06/13 22:34:26 | 004,557,245 | R--- | M] (Swearware) -- C:\Users\Chris\Desktop\ComboFix.exe
[2012/06/13 20:06:57 | 001,017,168 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/12 20:35:55 | 000,000,512 | ---- | M] () -- C:\Users\Chris\Desktop\MBR.dat
[2012/06/10 19:49:18 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/10 19:49:17 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/10 16:47:31 | 000,000,210 | ---- | M] () -- C:\Users\Chris\Desktop\The Lord of the Rings Online.url
[2012/06/05 19:49:06 | 000,005,592 | ---- | M] () -- C:\Users\Chris\Desktop\Attach.zip
[2012/06/05 19:41:48 | 000,001,115 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/06/05 19:41:32 | 000,000,935 | ---- | M] () -- C:\Users\Chris\Desktop\NTREGOPT.lnk
[2012/06/05 19:41:32 | 000,000,916 | ---- | M] () -- C:\Users\Chris\Desktop\ERUNT.lnk
[2012/06/04 22:43:36 | 000,001,260 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/04 22:17:55 | 000,000,180 | ---- | M] () -- C:\Users\Chris\Documents\cc_20120604_221753.reg
[2012/06/04 22:17:38 | 000,001,326 | ---- | M] () -- C:\Users\Chris\Documents\cc_20120604_221735.reg
[2012/06/04 22:17:17 | 000,129,636 | ---- | M] () -- C:\Users\Chris\Documents\cc_20120604_221704.reg
[2012/06/03 22:40:17 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/02 21:35:14 | 000,001,027 | ---- | M] () -- C:\Users\Chris\Desktop\Dropbox.lnk
[2012/05/30 08:29:45 | 000,000,093 | ---- | M] () -- C:\Windows\wininit.ini
[2012/05/27 23:20:22 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/05/22 00:04:07 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/05/22 00:04:03 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/05/21 00:00:19 | 000,000,221 | ---- | M] () -- C:\Users\Chris\Desktop\The Settlers 7 Paths to a Kingdom - Gold Edition.url
========== Files Created - No Company Name ==========
[2012/06/13 23:48:37 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/13 23:48:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/13 23:48:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/13 23:48:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/13 23:48:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/12 20:35:55 | 000,000,512 | ---- | C] () -- C:\Users\Chris\Desktop\MBR.dat
[2012/06/10 16:47:30 | 000,000,210 | ---- | C] () -- C:\Users\Chris\Desktop\The Lord of the Rings Online.url
[2012/06/05 19:49:06 | 000,005,592 | ---- | C] () -- C:\Users\Chris\Desktop\Attach.zip
[2012/06/05 19:41:48 | 000,001,115 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/06/05 19:41:32 | 000,000,935 | ---- | C] () -- C:\Users\Chris\Desktop\NTREGOPT.lnk
[2012/06/05 19:41:32 | 000,000,916 | ---- | C] () -- C:\Users\Chris\Desktop\ERUNT.lnk
[2012/06/04 22:17:53 | 000,000,180 | ---- | C] () -- C:\Users\Chris\Documents\cc_20120604_221753.reg
[2012/06/04 22:17:36 | 000,001,326 | ---- | C] () -- C:\Users\Chris\Documents\cc_20120604_221735.reg
[2012/06/04 22:17:08 | 000,129,636 | ---- | C] () -- C:\Users\Chris\Documents\cc_20120604_221704.reg
[2012/06/03 22:40:17 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/30 08:29:45 | 000,000,093 | ---- | C] () -- C:\Windows\wininit.ini
[2012/05/27 23:20:22 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/05/22 00:04:07 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/05/22 00:04:03 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/05/21 00:00:19 | 000,000,221 | ---- | C] () -- C:\Users\Chris\Desktop\The Settlers 7 Paths to a Kingdom - Gold Edition.url
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/08/20 19:21:54 | 000,000,254 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/08/20 19:21:54 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/08/20 19:21:09 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/08/20 19:18:42 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/08/20 19:07:15 | 000,031,767 | ---- | C] () -- C:\Windows\maxlink.ini
[2011/05/14 16:16:14 | 000,306,729 | ---- | C] () -- C:\Users\Chris\AppData\Local\census.cache
[2011/05/14 16:15:29 | 000,136,153 | ---- | C] () -- C:\Users\Chris\AppData\Local\ars.cache
[2011/01/08 13:47:21 | 000,000,093 | ---- | C] () -- C:\Users\Chris\AppData\Local\fusioncache.dat
[2010/07/26 23:55:52 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2010/07/26 23:55:52 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2010/07/26 23:55:52 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2010/07/26 23:50:55 | 000,019,966 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2010/07/20 23:18:28 | 000,007,605 | ---- | C] () -- C:\Users\Chris\AppData\Local\Resmon.ResmonCfg
< End of report >
Great, do you still have problems?